[squid-users] ACL processing in Squid 3.2

From: Andrew Farr <a.farr_at_ntlworld.com>
Date: Sat, 18 Aug 2012 18:31:14 +0100

I may be missing something here, but it looks like ACL processing is
broken for at least some HTTPS requests in 3.2.

Example configuration:

acl useparent dstdomain domain.com

cache_peer parent 8080 0 no-query name=parent01

cache_peer_access parent01 allow useparent
cache_peer_access parent01 deny all

# Included to see if it made any difference
always_direct deny useparent
always_direct allow all

Access over HTTP goes to the parent as expected, but HTTPS assess does not:

1345310649.623 644 TCP_MISS/200 8055 GET
http://www.domain.com/ - FIRSTUP_PARENT/ text/html
1345310544.835 8536 TCP_MISS/200 3580 CONNECT
www.domain.com:443 - HIER_DIRECT/ -

Also tried adding:
cache_peer_access parent01 allow CONNECT useparent
but it made no difference.

Build options:
Squid Cache: Version 3.2.1
configure options: '--prefix=/usr/local/squid'
'--infodir=/usr/local/info' '--mandir=/usr/local/man'
'--enable-async-io' '--enable-removal-policies=heap,lru'
'--disable-wccp' '--disable-wccpv2' '--disable-ident-lookups'
'--enable-linux-netfilter' '--with-large-files' '--disable-snmp'
'--disable-htcp' '--disable-ipv6' 'CFLAGS=-pipe -Wall -O2
-fomit-frame-pointer -march=native -s' 'CXXFLAGS=-pipe -Wall -O2
-fomit-frame-pointer -march=native -s'

Any suggestions, or this a bug in 3.2?

Received on Sat Aug 18 2012 - 17:31:26 MDT

This archive was generated by hypermail 2.2.0 : Sat Aug 18 2012 - 12:00:03 MDT