On 18/03/2013 11:12 a.m., S L wrote:
> hello,
> I've few questions...
> 1) I want to know whenever happening taking content https page. With
> usual http it goes through httpReadReply, but ssl not follow this
> function. So what function I can use for https pages reply?
There is no such function.
* HTTPS (port 443) begins with opening a binary tunnel (CONNECT
request), followed by shovelling encrypted bytes back and forth across
that tunnel. The relevant code is in src/tunnel.cc
* https:// (port 3128 inbound, port 443 outbound) is handled by
httpReadReply() since it is just regular HTTP traffic which happens to
be wrapped in an SSL/TLS socket on the outbound.
* "ssl bumped" traffic is handled by httpReadReply() because the 'bump'
stages decrypt the tunnel bytes and Squid handles the decrypted stream
as https:// inbound traffic.
> 2) What if I make a filter in aclParseAclLine as case and add similar
> case in aclMatchAcl.
> But in aclMatchAcl it didn't work. i.e. it never hit this case in
> aclMatchAcl, but in config I make it as usual...
> acl FLT new_filter /file
> .....
> http_access deny FLT
If you are dealing with HTTPS port 443 encrypted traffic (first case
above) there is *only* the CONNECT request and 200 OK response for
setting up the tunnel. None of the _multiple_ requests inside the
encrypted tunnel are seen by Squid.
Amos
Received on Mon Mar 18 2013 - 01:30:53 MDT
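
What the reply describes for port 443 traffic, as an added example that is not part of the original message and is not Squid code: a constructed client-to-proxy byte stream is split into the single plaintext CONNECT request an access check can evaluate and the TLS records that follow, of which only the record headers are readable. The function names and the sample bytes are assumptions made for illustration.

```python
import struct

# TLS record content types from the TLS record layer.
TLS_TYPES = {20: "change_cipher_spec", 21: "alert",
             22: "handshake", 23: "application_data"}


def parse_connect(stream: bytes):
    """Split a client->proxy byte stream into the plaintext CONNECT
    request and the opaque tunnel bytes that follow it."""
    head, sep, tunnel = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request header")
    request_line = head.split(b"\r\n", 1)[0].decode("ascii")
    method, target, version = request_line.split(" ")
    if method != "CONNECT":
        raise ValueError("not a tunnel request: " + method)
    host, _, port = target.rpartition(":")
    # This is everything an access check can match on for the tunnel.
    return {"method": method, "host": host, "port": int(port)}, tunnel


def tls_records(tunnel: bytes):
    """Walk the TLS record headers inside the tunnel. Only type, version
    and length are readable; the payload is never interpreted."""
    records, offset = [], 0
    while offset + 5 <= len(tunnel):
        ctype, version, length = struct.unpack_from("!BHH", tunnel, offset)
        if ctype not in TLS_TYPES or offset + 5 + length > len(tunnel):
            break  # truncated or not TLS; stop rather than guess
        records.append((TLS_TYPES[ctype], length))
        offset += 5 + length
    return records


# Constructed sample: one CONNECT, then three TLS records with filler
# payloads standing in for the handshake and two encrypted HTTP requests.
def _record(ctype: int, size: int) -> bytes:
    return struct.pack("!BHH", ctype, 0x0303, size) + b"\x00" * size

SAMPLE = (b"CONNECT www.example.com:443 HTTP/1.1\r\n"
          b"Host: www.example.com:443\r\n\r\n"
          + _record(22, 64) + _record(23, 120) + _record(23, 95))

if __name__ == "__main__":
    visible, tunnel = parse_connect(SAMPLE)
    print("ACL-visible:", visible)
    print("tunnel records:", tls_records(tunnel))
```

The two application_data records stand for separate requests inside the tunnel; neither exposes a method, URL or header for an ACL to match.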