Hello, I ran into a problem when routing connections from a specific address. I need to use a dedicated channel for downloading video, and for everything else, a port-dependent channel. Routing is based on the receiving port of the proxy server. I am using ssl_bum Config example: http_port 3128 tcpkeepalive=60,30,3 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB tls-cert=/etc/squid/bump.crt tls-key=/etc/squid/bump.key cipher=HIGH:MEDIUM:!LOW:!RC4:!SEED:!IDEA:!3DES:!MD5:!EXP:!PSK:!DSS options=NO_TLSv1,NO_SSLv3,SINGLE_DH_US E,SINGLE_ECDH_USE tls-dh=prime256v1:/etc/squid/bump_dhparam.pem http_port 3129 tcpkeepalive=60,30,3 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB tls-cert=/etc/squid/bump.crt tls-key=/etc/squid/bump.key cipher=HIGH:MEDIUM:!LOW:!RC4:!SEED:!IDEA:!3DES:!MD5:!EXP:!PSK:!DSS options=NO_TLSv1,NO_SSLv3,SINGLE_DH_US E,SINGLE_ECDH_USE tls-dh=prime256v1:/etc/squid/bump_dhparam.pem http_port 3130 tcpkeepalive=60,30,3 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB tls-cert=/etc/squid/bump.crt tls-key=/etc/squid/bump.key cipher=HIGH:MEDIUM:!LOW:!RC4:!SEED:!IDEA:!3DES:!MD5:!EXP:!PSK:!DSS options=NO_TLSv1,NO_SSLv3,SINGLE_DH_US E,SINGLE_ECDH_USE tls-dh=prime256v1:/etc/squid/bump_dhparam.pem http_port 3131 tcpkeepalive=60,30,3 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB tls-cert=/etc/squid/bump.crt tls-key=/etc/squid/bump.key cipher=HIGH:MEDIUM:!LOW:!RC4:!SEED:!IDEA:!3DES:!MD5:!EXP:!PSK:!DSS options=NO_TLSv1,NO_SSLv3,SINGLE_DH_US E,SINGLE_ECDH_USE tls-dh=prime256v1:/etc/squid/bump_dhparam.pem http_port 3132 tcpkeepalive=60,30,3 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB tls-cert=/etc/squid/bump.crt tls-key=/etc/squid/bump.key cipher=HIGH:MEDIUM:!LOW:!RC4:!SEED:!IDEA:!3DES:!MD5:!EXP:!PSK:!DSS options=NO_TLSv1,NO_SSLv3,SINGLE_DH_US E,SINGLE_ECDH_USE tls-dh=prime256v1:/etc/squid/bump_dhparam.pem http_port 3133 tcpkeepalive=60,30,3 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB tls-cert=/etc/squid/bump.crt tls-key=/etc/squid/bump.key cipher=HIGH:MEDIUM:!LOW:!RC4:!SEED:!IDEA:!3DES:!MD5:!EXP:!PSK:!DSS options=NO_TLSv1,NO_SSLv3,SINGLE_DH_US E,SINGLE_ECDH_USE tls-dh=prime256v1:/etc/squid/bump_dhparam.pem http_port 3134 tcpkeepalive=60,30,3 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB tls-cert=/etc/squid/bump.crt tls-key=/etc/squid/bump.key cipher=HIGH:MEDIUM:!LOW:!RC4:!SEED:!IDEA:!3DES:!MD5:!EXP:!PSK:!DSS options=NO_TLSv1,NO_SSLv3,SINGLE_DH_US E,SINGLE_ECDH_USE tls-dh=prime256v1:/etc/squid/bump_dhparam.pem http_port 3135 tcpkeepalive=60,30,3 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB tls-cert=/etc/squid/bump.crt tls-key=/etc/squid/bump.key cipher=HIGH:MEDIUM:!LOW:!RC4:!SEED:!IDEA:!3DES:!MD5:!EXP:!PSK:!DSS options=NO_TLSv1,NO_SSLv3,SINGLE_DH_US E,SINGLE_ECDH_USE tls-dh=prime256v1:/etc/squid/bump_dhparam.pem http_port 3136 tcpkeepalive=60,30,3 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB tls-cert=/etc/squid/bump.crt tls-key=/etc/squid/bump.key cipher=HIGH:MEDIUM:!LOW:!RC4:!SEED:!IDEA:!3DES:!MD5:!EXP:!PSK:!DSS options=NO_TLSv1,NO_SSLv3,SINGLE_DH_US E,SINGLE_ECDH_USE tls-dh=prime256v1:/etc/squid/bump_dhparam.pem http_port 3137 tcpkeepalive=60,30,3 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB tls-cert=/etc/squid/bump.crt tls-key=/etc/squid/bump.key cipher=HIGH:MEDIUM:!LOW:!RC4:!SEED:!IDEA:!3DES:!MD5:!EXP:!PSK:!DSS options=NO_TLSv1,NO_SSLv3,SINGLE_DH_US E,SINGLE_ECDH_USE tls-dh=prime256v1:/etc/squid/bump_dhparam.pem acl media_files urlpath_regex -i \.(3g2|3gp|3gpp|asf|asx|ashx|avi|bin|dat|f4v|flv|gtp|h264|m4v|mkv|mod|moov|mov|mp4|mpeg|mpg|mts|rm|rmvb|spl|srt|stl|swf|ts|vcd|vid|vob|webm|wm|wmv|yuv) tcp_outgoing_address 10.3.0.2 media_files acl port3128 localport 3128 acl port3129 localport 3129 acl port3130 localport 3130 acl port3131 localport 3131 acl port3132 localport 3132 acl port3133 localport 3133 acl port3134 localport 3134 acl port3135 localport 3135 acl port3136 localport 3136 acl port3137 localport 3137 tcp_outgoing_address 10.3.2.190 !media_files port3128 tcp_outgoing_address 10.3.2.191 !media_files port3129 tcp_outgoing_address 10.3.2.192 !media_files port3130 tcp_outgoing_address 10.3.2.193 !media_files port3131 tcp_outgoing_address 10.3.2.194 !media_files port3132 tcp_outgoing_address 10.3.2.195 !media_files port3133 tcp_outgoing_address 10.3.2.196 !media_files port3134 tcp_outgoing_address 10.3.2.197 !media_files port3135 tcp_outgoing_address 10.3.2.198 !media_files port3136 tcp_outgoing_address 10.3.2.199 !media_files port3137 When using HTTP (not SSL), this rules work fine, but with using HTTPS protocol first (with debug) used rule for CONNECT, and after rules with tcp_outgoing_address not applied. I commented this line and rebuild squid, but no more effect // skip if an outgoing address is already set. // if (!conn->local.isAnyAddr()) return; please help me _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
