On 30/04/20 9:11 am, Anthony Mead wrote: > Hmm, if there were more logs I'd share them! Any reason why I'd only see a access.log line? > > I promise if I curl https://google.com this is the only line I see: > 1588193897.852 20 10.0.1.180 TCP_TUNNEL_ABORTED/200 5103 CONNECT 172.217.15.78:443 - ORIGINAL_DST/172.217.15.78 - > > Or curl https://youtube.com : > 1588194262.880 32 10.0.1.180 TCP_TUNNEL/200 4824 CONNECT 172.217.13.78:443 - ORIGINAL_DST/172.217.13.78 - > > Or curl https://github.com/: > 1588194657.291 45 10.0.1.180 TCP_TUNNEL/200 107344 CONNECT 140.82.113.4:443 - ORIGINAL_DST/140.82.113.4 - > Hm. There should at least be a second line showing what server name was sent in the peek'd SNI or server cert. The first looks like it reached "terminate all" at step3 of the bumping process. The last looks like it was spliced (by the data size transferred). But that definitely requires the server name to happen. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
