Am 14.12.24 um 17:26 schrieb R:
My current goal is to set up a caching instance for https static content with squid 6.12. ssl-bump is set up according to https://wiki.squid-cache.org/Features/SslBump and it works fine, at least from the clients' perspectives and without any noticeable issues (e.g. with Firefox or Safari). Sometimes (~5-8% of the total requests) I can even get a few cache hits - including those juicy TCP_MEM_HIT/200s. What has been bothering me though is the impressive amount of client request errors being logged: # a few seconds after an instance restart openvpn-client2:/$ squidclient cache_object://localhost/counters | grep client_http.errors client_http.errors = 8 openvpn-client2:/$ squidclient cache_object://localhost/counters | grep client_http.errors client_http.errors = 20 In the access_log, it is possible to see many NONE_NONE/200 being logged for **almost every https request**. The amount of logged NONE_NONE/200 seem to vary according to the target website: github.com:443 throws 6-7 errors, while the lists.squid-cache.org throws only one.
When using ssl-bump, you must allow the initial CONNECT request and then decide on the broken up requests. E.g. add
http_access allow CONNECT before your first http_access line. Amon Ott -- Dr. Amon Ott m-privacy GmbH Tel: +49 30 24342334 Werner-Voß-Damm 62 Fax: +49 30 99296856 12101 Berlin http://www.m-privacy.de Amtsgericht Charlottenburg, HRB 84946 Geschäftsführer: Dipl.-Kfm. Holger Maczkowsky, Roman Maczkowsky GnuPG-Key-ID: 0x2DD3A649 _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx https://lists.squid-cache.org/listinfo/squid-users
