On 29.04.25 08:54, Renzo Marengo wrote:
When client uses CONNECT directive I understand that proxy establishes
tunnel to destination host on specified port
e.g.
http://www.example.com:8888/test.php
https://www.example.com:8888/test.php
1. I don't understand if this occurs both in presence of http and https
requests, The request (using CONNECT method) can be http or https ?
When you enter "http://www.example.com:8888/test.php"; into your browser,
your browser asks proxy server for "http://www.example.com:8888/test.php";
- it delegates fetching the content to proxy.
When you enter "https://www.example.com:8888/test.php"; to your browser, it
asks proxy server to "CONNET www.example.com:8888" and browser handles the
SSL negotiation and further communication itself.
This way, you can tunnel different protocols through the proxy, not just
HTTP (squid must be able to allow it, the destination ports are usually
restricted via "https_port" acl).
2. if In both cases CONNECT method is invoked but how I can discover
protocol (http, https) looking for inside access.log ?
A.B.C.D TCP_TUNNEL/200 7085 CONNECT mtalk.google.com:5228 - HIER_DIRECT/
142.251.18.188
I see only info about destination host and port but no http/https protocol
is referenced.
In this case, client A.B.C.D asked the proxy to "CONNECT
mtalk.google.com:5228" and the proxy fullfilled the request.
In case of CONNECT requests, the proxy has no idea what data flow through
the server. Afaik mtalk.google.com:5228 is used for google/firebase cloud
messaging.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
One OS to rule them all, One OS to find them,
One OS to bring them all and into darkness bind them
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
