On 18/03/2013 11:12 a.m., S L wrote:
>> hello,
>> I've few questions...
>> 1) I want to know whenever happening taking content https page. With
>> usual http it goes through httpReadReply, but ssl not follow this
>> function. So what function I can use for https pages reply?
>
> There is no such function.
>
> * HTTPS (port 443) begins with opening a binary tunnel (CONNECT
> request), followed by shovelling encrypted bytes back and forth across
> that tunnel. The relevant code is in src/tunnel.cc
>
> * https:// (port 3128 inbound, port 443 outbound) is handled by
> httpReadReply() since it is just regular HTTP traffic which happens to
> be wrapped in a SSL/TLS socket on the outbound.

I play around with squid-2.7.STABLE8, so better suggest around C-based code.
No, it's not handled by httpReadReply(); I can't get it to work with 443, but 80 will work okay. I need suggestions for the C-language based Squid code.

>
> * "ssl bumped" traffic is handled by httpReadReply() because the 'bump'
> stages decrypt the tunnel bytes and Squid handles the decrypted stream
> as https:// inbound traffic.
>
>> 2) What if I make a filter in aclParseAclLine as case and add similar
>> case in aclMatchAcl.
>> But in aclMatchAcl it didn't work. i.e. it never hit this case in
>> aclMatchAcl, but in config I make it as usual...
>> acl FLT new_filter /file
>> .....
>> http_access deny FLT
>
> If you are dealing with HTTPS port 443 encrypted traffic (first case
> above) there is *only* the CONNECT request and 200 OK response for
> setting up the tunnel. None of the _multiple_ requests inside the
> encrypted tunnel are seen by Squid.
>
> Amos

No, that second question. I can't find the place where I can start to use
the access-list read from squid.conf.
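What a proxy can inspect on the port-443 path described in the quoted reply, as an added example (not Squid source and not code from either poster): only the CONNECT target is parseable, and everything after the header block is opaque tunnel payload. The names `parse_connect` and `connect_info` and the sample bytes are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct connect_info {
    char host[256];
    int port;
    size_t payload_off;  /* offset of the first opaque tunnel byte */
};

/* Constructed sample: a CONNECT request followed by the start of a TLS record. */
static const char sample[] =
    "CONNECT example.com:443 HTTP/1.0\r\nUser-Agent: demo\r\n\r\n"
    "\x16\x03\x01\x00\x2e";

/* Returns 0 on success, -1 if buf is not a complete, well-formed CONNECT request. */
int parse_connect(const char *buf, size_t len, struct connect_info *out)
{
    size_t i, hdr_end = 0;
    const char *target, *sp, *colon;
    char *endp;
    long port;

    if (len < 8 || memcmp(buf, "CONNECT ", 8) != 0)
        return -1;
    target = buf + 8;
    for (i = 8; i + 4 <= len && hdr_end == 0; i++)  /* find end of header block */
        if (memcmp(buf + i, "\r\n\r\n", 4) == 0)
            hdr_end = i + 4;
    if (hdr_end == 0 || (sp = memchr(target, ' ', hdr_end - 8)) == NULL)
        return -1;
    /* authority-form target "host:port": take the last colon before the space */
    for (colon = sp - 1; colon > target && *colon != ':'; colon--)
        ;
    if (colon <= target || (size_t)(colon - target) >= sizeof(out->host))
        return -1;
    if (colon[1] < '0' || colon[1] > '9')
        return -1;
    port = strtol(colon + 1, &endp, 10);
    if (endp != sp || port < 1 || port > 65535)
        return -1;
    memcpy(out->host, target, (size_t)(colon - target));
    out->host[colon - target] = '\0';
    out->port = (int)port;
    out->payload_off = hdr_end;  /* bytes from here on are never parsed as HTTP */
    return 0;
}

int main(void)
{
    struct connect_info ci;
    if (parse_connect(sample, sizeof(sample) - 1, &ci) != 0)
        return 1;
    printf("filterable: host=%s port=%d, opaque bytes: %zu\n",
           ci.host, ci.port, sizeof(sample) - 1 - ci.payload_off);
    return 0;
}
```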
