[squid-users] RE : [squid-users] tcp_outgoing_mark + https

Hi Eliezer, I'm not using SSL-Bump, I have a 100Mbit/s fiber connection and an SDSL 4Mbit/s. By default, all traffic goes through the SDSL except traffic to our production and VPN site-to-site. Squid running on the same box where I use shorewall to route marked packets and is directly connected to internet. Now, I want to mark packets with squid regarding dstdomain ACLs in order to "route" them on the 100Mb/s link. It works as expected with http but not for https (CONNECT) Best Regard, Sebastien ________________________________________ De : Eliezer Croitoru [eliezer@ngtech.co.il] Date d'envoi : mardi 11 décembre 2012 17:37 À : squid-users@squid-cache.org Objet : Re: [squid-users] tcp_outgoing_mark + https Hey Sebastien, Are you using ssl-bump at all? or just plain CONNECT requests? Else then the problem If you can explain more about the situation or the goal in more the just ROUTE web traffic over WAN connections. Do you have preference for specific routes? maybe you just want to load-balance? Maybe your approach is not in the right direction anyway? Regards, Eliezer On 12/11/2012 4:00 PM, Sébastien WENSKE wrote: > Hi List, > > I'm trying the "tcp_outgoing_mark" feature with dstdomain acls in order to > "route" web traffic on several WAN links, but I noticed that it doesn't > works with https requests. > > Does someone know how to achieve this? > > Many Thanks. > Sebastien > -- Eliezer Croitoru https://www1.ngtech.co.il sip:ngtech@sip2sip.info IT consulting for Nonprofit organizations eliezer <at> ngtech.co.il
Received on Tue Dec 11 2012 - 17:50:27 MST