On 18/03/2013 11:12 a.m., S L wrote:
hello,
I've few questions...
1) I want to know whenever happening taking content https page. With
usual http it goes through httpReadReply, but ssl not follow this
function. So what function I can use for https pages reply?
There is no such function.
* HTTPS (port 443) begins with opening a binary tunnel (CONNECT
request), followed by shovelling encrypted bytes back and forth across
that tunnel. The relevant code is in src/tunnel.cc
* https:// (port 3128 inbound, port 443 outbound) is handled by
httpReadReply() since it is just regular HTTP traffic which happens to
be wrapped in a SSL/TLS socket on the outbound.
* "ssl bumped" traffic is handled by httpReadReply() because the 'bump'
stages decrypt the tunnel bytes and Squid handles the decrypted stream
as https:// inbound traffic.
2) What if I make a filter in aclParseAclLine as case and add similar
case in aclMatchAcl.
But in aclMatchAcl it didn't work. i.e. it newer hit this case in
aclMatchAcl, but in config I make it as usuall...
acl FLT new_filter /file
.....
http_access deny FLT
If you are dealing with HTTPS port 443 encrypted traffic (first case
above) there is *only* the CONNECT request and 200 OK response for
setting up the tunnel. None of the _multiple_ requests inside the
encrypted tunnel are seen by Squid.
Amos
