On 2025-04-29 02:54, Renzo Marengo wrote:
When client uses CONNECT directive I understand that proxy establishes tunnel to destination host on specified port
Yes, the proxy establishes a TCP tunnel with the destination.
1. I don't understand if this occurs both in presence of http and https requests, The request (using CONNECT method) can be http or https ?
I do not know how _you_ define "http" and "https" in this context, but CONNECT request may be received on a plain text connection (i.e. a connection to an http_port), on an encrypted connection (i.e. a TLS connection to an https_port), and even inside a bumped TLS connection (on either port; e.g., a CONNECT request received inside a bumped CONNECT tunnel)!
2. if In both cases CONNECT method is invoked but how I can discover protocol (http, https) looking for inside access.log ?
If you are not telling Squid to bump the corresponding CONNECT tunnel using ssl_bump, then you cannot discover the protocol inside that tunnel. Squid is just shoveling opaque bytes using TCP in that (default) case.
If Squid successfully bumps the corresponding CONNECT tunnel, then the protocol inside that tunnel is HTTPS or, more precise, TLS-encrypted HTTP/0 or HTTP/1 transactions. You should see those decrypted transactions in access.log, logged with the same %transport::>connection_id as the CONNECT transaction.
If Squid attempts to bump the corresponding CONNECT tunnel, and that tunnel starts with a TLS handshake, then you may be able to recover the underlying protocol from ALPN extension in %>handshake.
See logformat directive for the above %code documentation: https://www.squid-cache.org/Doc/config/logformat/ HTH, Alex. _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
