Am 14.12.24 um 17:26 schrieb R:
My current goal is to set up a caching instance for https static content with
squid 6.12.
ssl-bump is set up according to https://wiki.squid-cache.org/Features/SslBump
and it works fine, at least from the clients' perspectives and without any
noticeable issues (e.g. with Firefox or Safari). Sometimes (~5-8% of the total
requests) I can even get a few cache hits - including those juicy
TCP_MEM_HIT/200s.
What has been bothering me though is the impressive amount of client request
errors being logged:
# a few seconds after an instance restart
openvpn-client2:/$ squidclient cache_object://localhost/counters | grep
client_http.errors
client_http.errors = 8
openvpn-client2:/$ squidclient cache_object://localhost/counters | grep
client_http.errors
client_http.errors = 20
In the access_log, it is possible to see many NONE_NONE/200 being logged for
**almost every https request**. The amount of logged NONE_NONE/200 seem to
vary according to the target website: github.com:443 throws 6-7 errors, while
the lists.squid-cache.org throws only one.
When using ssl-bump, you must allow the initial CONNECT request and then
decide on the broken up requests. E.g. add
http_access allow CONNECT
before your first http_access line.
Amon Ott
--
Dr. Amon Ott
m-privacy GmbH Tel: +49 30 24342334
Werner-Voß-Damm 62 Fax: +49 30 99296856
12101 Berlin http://www.m-privacy.de
Amtsgericht Charlottenburg, HRB 84946
Geschäftsführer:
Dipl.-Kfm. Holger Maczkowsky,
Roman Maczkowsky
GnuPG-Key-ID: 0x2DD3A649
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
