Hello Rod, Not an expert, but from my understanding it seems that your NONE_NONE/200 are all related to a CONNECT. That means it is a SSL Tunnel, which is the initial log of a HTTPS connection when doing ssl_bumping. It is normally followed by another "regular" log, where you can get more information like protocole, Get or post, and URI, etc. Bellow 2 examples from your access.log. 1) Here, you have a NONE_NONE/200 for the Tunnel, then a TCP_MISS/200 after bumping is performed: 14/Dec/2024:15:28:14 +0000 122 192.168.1.125 NONE_NONE/200 -/- 0 CONNECT 4chan.org:443 - HIER_DIRECT/4chan.org - 14/Dec/2024:15:28:14 +0000 239 192.168.1.125 TCP_MISS/200 -/- 4876 GET https://4chan.org/ - HIER_DIRECT/4chan.org text/html 2) Here, you have a NONE_NONE/200 for the Tunnel, then a TCP_REFRESH_MODIFIED/200 after bumping is performed: 14/Dec/2024:15:28:17 +0000 105 192.168.1.125 NONE_NONE/200 -/- 0 CONNECT boards.4chan.org:443 - HIER_DIRECT/boards.4chan.org - 14/Dec/2024:15:28:17 +0000 117 192.168.1.125 TCP_REFRESH_MODIFIED/200 -/- 21264 GET https://boards.4chan.org/hr/ - HIER_DIRECT/boards.4chan.org text/html Regards, Slag Le samedi 14 décembre 2024 à 16:26 +0000, R a écrit : > 14/Dec/2024:15:28:17 +0000 105 192.168.1.125 NONE_NONE/200 -/- 0 > CONNECT boards.4chan.org:443 - HIER_DIRECT/boards.4chan.org - > 14/Dec/2024:15:28:17 +0000 117 192.168.1.125 > TCP_REFRESH_MODIFIED/200 -/- 21264 GET https://boards.4chan.org/hr/ - > HIER_DIRECT/boards.4chan.org text/html _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx https://lists.squid-cache.org/listinfo/squid-users
