>> When you enter "https://www.example.com:8888/test.php"; to your browser, it >>asks proxy server to "CONNECT www.example.com:8888" and browser handles the >>SSL negotiation and further communication itself.
what you are saying It's very interesting, infact previously I understood CONNECT method was invoked both by http and by https protocols. You are saying CONNECT method is invoked only if protocol is https, while if you type http://site:port, no CONNECT method is invoked. Right ? Il giorno mar 29 apr 2025 alle ore 16:36 Matus UHLAR - fantomas < uh...@fantomas.sk> ha scritto: > On 29.04.25 08:54, Renzo Marengo wrote: > >When client uses CONNECT directive I understand that proxy establishes > >tunnel to destination host on specified port > > > >e.g. > >http://www.example.com:8888/test.php > >https://www.example.com:8888/test.php > > > >1. I don't understand if this occurs both in presence of http and https > >requests, The request (using CONNECT method) can be http or https ? > > > When you enter "http://www.example.com:8888/test.php"; into your browser, > your browser asks proxy server for "http://www.example.com:8888/test.php"; > - it delegates fetching the content to proxy. > > When you enter "https://www.example.com:8888/test.php"; to your browser, > it > asks proxy server to "CONNET www.example.com:8888" and browser handles > the > SSL negotiation and further communication itself. > > This way, you can tunnel different protocols through the proxy, not just > HTTP (squid must be able to allow it, the destination ports are usually > restricted via "https_port" acl). > > >2. if In both cases CONNECT method is invoked but how I can discover > >protocol (http, https) looking for inside access.log ? > >A.B.C.D TCP_TUNNEL/200 7085 CONNECT mtalk.google.com:5228 - HIER_DIRECT/ > >142.251.18.188 > > > >I see only info about destination host and port but no http/https protocol > >is referenced. > > > In this case, client A.B.C.D asked the proxy to "CONNECT > mtalk.google.com:5228" and the proxy fullfilled the request. > In case of CONNECT requests, the proxy has no idea what data flow through > the server. Afaik mtalk.google.com:5228 is used for google/firebase cloud > messaging. > > -- > Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > One OS to rule them all, One OS to find them, > One OS to bring them all and into darkness bind them > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > https://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
