On 2024-02-12 17:40, speedy67@xxxxxxxx wrote:
I'm using Squid 3.5.24 (indluded in Synology DSM 6) and I've an issue
with time acl. All works fine except some websites like myhordes.de.
Once the user connected to this kind of website, the time acl has no
effect while the web page is not reloaded. All datas sent and received
by the javascript scripts continue going thru the proxy server without
any filter.
Squid does not normally evaluate ACLs while tunneling traffic: Various
directives are checked at the tunnel establishment time and after the
tunnel is closed, but not when bytes are shoveled back and forth between
a TCP client and a TCP server.
The same can be said about processing (large) HTTP message bodies.
If your use case involves CONNECT tunnels, intercepted (but not bumped)
TLS connections, or very large/slow HTTP messages, then you need to
enhance Squid to apply some [time-related] checks "in the middle of a
[long] transaction".
https://wiki.squid-cache.org/SquidFaq/AboutSquid#how-to-add-a-new-squid-feature-enhance-of-fix-something
N.B. Squid v3 is very buggy and has not been supported by the Squid
Project for many years. Please upgrade to Squid v6 or later. The upgrade
itself will not add a "check directive X when tunneling for a long time"
feature though.
HTH,
Alex.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
