Re[2]: httpReadReply and ssl replies and filters

From: S L <_lsv__at_bk.ru>
Date: Thu, 21 Mar 2013 08:07:43 +0400

 On 18/03/2013 11:12 a.m., S L wrote:
>> hello,
>> I have a few questions...
>> 1) I want to know when the content of an https page is being fetched. With
>> usual http it goes through httpReadReply, but ssl does not follow this
>> function. So what function can I use for https page replies?
>
>There is no such function.
>
>* HTTPS (port 443) begins with opening a binary tunnel (CONNECT
>request), followed by shovelling encrypted bytes back and forth across
>that tunnel. The relevant code is in src/tunnel.cc
>
>* https:// (port 3128 inbound, port 443 outbound) is handled by
>httpReadReply() since it is just regular HTTP traffic which happens to
>be wrapped in a SSL/TLS socket on the outbound.
I am playing around with squid-2.7.STABLE8, so better to suggest around C-based code.
No, it's not handled by httpReadReply(); I can't get it to work with 443, but 80 will work okay.
I need suggestions with C-language-based Squid code.
>
>* "ssl bumped" traffic is handled by httpReadReply() because the 'bump'
>stages decrypt the tunnel bytes and Squid handles the decrypted stream
>as https:// inbound traffic.
>
>> 2) What if I make a filter in aclParseAclLine as a case and add a similar
>> case in aclMatchAcl.
>> But in aclMatchAcl it didn't work, i.e. it never hits this case in
>> aclMatchAcl, but in the config I make it as usual...
>> acl FLT new_filter /file
>> .....
>> http_access deny FLT
>
>If you are dealing with HTTPS port 443 encrypted traffic (first case
>above) there is *only* the CONNECT request and 200 OK response for
>setting up the tunnel. None of the _multiple_ requests inside the
>encrypted tunnel are seen by Squid.
>
>Amos

No, that is the second question. I can't find the place where I can start using the access-list read from squid.conf.
>

----------------------------------------------------------------------
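
The three cases listed in the quoted reply (CONNECT tunnel, https:// URL requested through the proxy, and bumped tunnel) differ in what the proxy can inspect. The following C sketch is an added example, not Squid code and not written by anyone in the thread; all type and function names are hypothetical and the request lines are constructed. It classifies a request line by the code path that would see the server's reply and by whether an access rule could match anything beyond host and port.

```c
#include <stdio.h>
#include <string.h>

/* All names below are hypothetical; none are Squid identifiers. */
typedef enum { PATH_INVALID, PATH_HTTP_REPLY, PATH_BLIND_TUNNEL } reply_path;

typedef struct {
    reply_path path;   /* which code path will see the server's reply */
    char host[128];
    int port;
    int url_visible;   /* 1 if access rules can match URL path and headers */
} visibility;

/* Classify the request line a forward proxy receives. bump_enabled models a
 * proxy configured to decrypt CONNECT tunnels ("ssl bumped" in the thread). */
visibility classify_request(const char *line, int bump_enabled)
{
    visibility v = { PATH_INVALID, "", 0, 0 };
    char method[16], target[256], version[16], scheme[8];

    if (sscanf(line, "%15s %255s %15s", method, target, version) != 3 ||
        strncmp(version, "HTTP/", 5) != 0)
        return v;
    if (strcmp(method, "CONNECT") == 0) {
        /* authority-form only: host:port (bracketed IPv6 is rejected here) */
        if (strchr(target, '/') ||
            sscanf(target, "%127[^:]:%d", v.host, &v.port) != 2 ||
            v.port < 1 || v.port > 65535)
            return v;
        /* Without bumping only CONNECT and its 200 reply are ever parsed. */
        v.path = bump_enabled ? PATH_HTTP_REPLY : PATH_BLIND_TUNNEL;
        v.url_visible = bump_enabled != 0;
        return v;
    }
    /* Other methods reach a proxy with an absolute URL. */
    if (sscanf(target, "%7[a-z]://%127[^:/]", scheme, v.host) != 2)
        return v;
    if (strcmp(scheme, "http") == 0)       v.port = 80;
    else if (strcmp(scheme, "https") == 0) v.port = 443;
    else return v;
    /* An explicit port, if present, overrides the scheme default. */
    (void)sscanf(target + strlen(scheme) + 3 + strlen(v.host), ":%d", &v.port);
    v.path = PATH_HTTP_REPLY;
    v.url_visible = 1;
    return v;
}

int main(void)
{
    /* constructed request line, not from the thread */
    visibility v = classify_request("CONNECT example.com:443 HTTP/1.1", 0);
    printf("%s:%d path=%d url_visible=%d\n", v.host, v.port, v.path, v.url_visible);
    return 0;
}
```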

----------------------------------------------------------------------
Received on Thu Mar 21 2013 - 04:08:00 MDT
