[squid-users] ACL processing in Squid 3.2

From: Andrew Farr <a.farr_at_ntlworld.com>
Date: Sat, 18 Aug 2012 18:31:14 +0100

I may be missing something here, but it looks like ACL processing is
broken for at least some HTTPS requests in 3.2.

Example configuration:

acl useparent dstdomain domain.com

cache_peer 172.25.2.70 parent 8080 0 no-query name=parent01 connection-auth=off

cache_peer_access parent01 allow useparent
cache_peer_access parent01 deny all

# Included to see if it made any difference
always_direct deny useparent
always_direct allow all

Access over HTTP goes to the parent as expected, but HTTPS access does not:

1345310649.623 644 10.0.0.1 TCP_MISS/200 8055 GET http://www.domain.com/ - FIRSTUP_PARENT/172.25.2.70 text/html
1345310544.835 8536 10.0.0.1 TCP_MISS/200 3580 CONNECT www.domain.com:443 - HIER_DIRECT/172.25.2.34 -

Also tried adding:
cache_peer_access parent01 allow CONNECT useparent
but it made no difference.

Build options:
Squid Cache: Version 3.2.1
configure options: '--prefix=/usr/local/squid'
'--infodir=/usr/local/info' '--mandir=/usr/local/man'
'--enable-async-io' '--enable-removal-policies=heap,lru'
'--disable-wccp' '--disable-wccpv2' '--disable-ident-lookups'
'--enable-linux-netfilter' '--with-large-files' '--disable-snmp'
'--disable-htcp' '--disable-ipv6' 'CFLAGS=-pipe -Wall -O2
-fomit-frame-pointer -march=native -s' 'CXXFLAGS=-pipe -Wall -O2
-fomit-frame-pointer -march=native -s'
'PKG_CONFIG_PATH=/usr/local/lib64/pkgconfig:/usr/lib64/pkgconfig'

Any suggestions, or is this a bug in 3.2?

Andrew
Received on Sat Aug 18 2012 - 17:31:26 MDT
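
A check for the routing mismatch shown in the log excerpt above, as an added example that is not part of the original post: it reads Squid native-format access.log lines and lists requests for the domain that were forwarded somewhere other than the parent. The function names are hypothetical, the sample lines are the two entries from the post on single lines, and treating subdomains of domain.com as in scope is an assumption.

```python
from urllib.parse import urlsplit

# Constructed sample: the two access.log entries from the post, one per line.
SAMPLE_LOG = """\
1345310649.623 644 10.0.0.1 TCP_MISS/200 8055 GET http://www.domain.com/ - FIRSTUP_PARENT/172.25.2.70 text/html
1345310544.835 8536 10.0.0.1 TCP_MISS/200 3580 CONNECT www.domain.com:443 - HIER_DIRECT/172.25.2.34 -
"""


def request_host(method, url):
    """Host of a logged request; CONNECT logs 'host:port' rather than a URL."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()


def in_domain(host, domain):
    """Assumption: the domain itself and any subdomain are in scope."""
    return host == domain or host.endswith("." + domain)


def misrouted(log_text, domain, parent_ip):
    """Return (method, url, hierarchy) for in-scope requests not sent to parent_ip."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10:
            continue  # blank or truncated (for example mail-wrapped) line
        method, url, hierarchy = fields[5], fields[6], fields[8]
        if not in_domain(request_host(method, url), domain):
            continue
        _code, _, peer = hierarchy.partition("/")
        if peer == "-":
            continue  # nothing was forwarded (cache hit or denied request)
        if peer != parent_ip:
            findings.append((method, url, hierarchy))
    return findings


if __name__ == "__main__":
    for method, url, hierarchy in misrouted(SAMPLE_LOG, "domain.com", "172.25.2.70"):
        print(f"bypassed parent: {method} {url} via {hierarchy}")
```
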
