On 11/07/24 00:49, Alex Rousskov wrote:
On 2024-07-09 18:25, Fiehe, Christoph wrote:
I hope that somebody has an idea, what I am doing wrong.
AFAICT from the debugging log, it is your parent proxy that returns an
ERR_SECURE_CONNECT_FAIL error page in response to a seemingly valid
"HEAD https://..."; request. Can you ask their admin to investigate? You
may also recommend that they upgrade from Squid v4 that has many known
security vulnerabiities.
If parent is uncooperative, you can try to reproduce the problem by
temporary installing your own parent Squid instance and configuring your
child Squid to use that instead.
HTH,
Alex.
P.S. Unlike Amos, I do not see serious conceptual problems with
rewriting request target scheme (as a temporary compatibility measure).
It may not always work, for various reasons, but it does not necessarily
make things worse (and may make things better).
To which I refer you to:
<https://cwe.mitre.org/data/definitions/311.html>
<https://cwe.mitre.org/data/definitions/312.html>
<https://cwe.mitre.org/data/definitions/319.html>
Cheers
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
