
Re: Chrome auto-HTTPS-upgrade - not falling to http


 




Date: Wed, 3 Apr 2024 11:05:02 -0400
From: Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: Chrome auto-HTTPS-upgrade - not falling to http
Message-ID:
	<e8845677-fe34-439a-9bfe-4a0b2aa3461a@xxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=UTF-8; format=flowed

On 2024-04-03 02:14, Lou?ansk? Luk?? wrote:

> this has recently started me up more than let it go. For a while
> chrome is upgrading in-page links to https.

Just to add two more pieces of related information to this thread:

Some Squid admins report that their v6-based code does not suffer from 
this issue while their v5-based code does. I have not verified those 
reports, but there may be more to the story here. What Squid version are 
_you_ using?

One way to track progress with this annoying and complex issue is to 
follow the following pull request. The current code cannot be officially 
merged as is, and I would not recommend using it in production (because 
of low-level bugs that will probably crash Squid in some cases), but 
testing it in the lab and providing feedback to authors may be useful:

https://github.com/squid-cache/squid/pull/1668

HTH,

Alex.




Hello,

fortunately, I do not observe this problem accessing sites running only on port 80 (no 443 at all), but my configuration is simple:

squid 6.6 as FreeBSD binary package

not much about ssl in the config file though, just passing it through, no ssl juggling

acl SSL_ports port
acl Safe_ports port 80
acl Safe_ports port 443
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow ....
http_access allow ....
http_access allow ....
http_access allow ....
http_access allow ....
http_access deny all

I don't think it was different with squid 5.9, which I used till November 2023.

Occasionally, I see another problem, which may or may not be related to squid ssl handling configuration: PR_END_OF_FILE_ERROR (Firefox) / ERR_CONNECTION_CLOSED (Chrome), typically accessing samba.org. But they use a permanent redirect from http to https, so it is another situation than an http-only site.

David

