I may be missing something here, but it looks like ACL processing is
broken for at least some HTTPS requests in 3.2.

Example configuration:

acl useparent dstdomain domain.com

cache_peer 172.25.2.70 parent  8080 0 no-query name=parent01 connection-auth=off

cache_peer_access       parent01         allow useparent
cache_peer_access       parent01         deny all

# Included to see if it made any difference
always_direct   deny    useparent
always_direct   allow   all

Access over HTTP goes to the parent as expected, but HTTPS access does not:

1345310649.623    644 10.0.0.1 TCP_MISS/200 8055 GET http://www.domain.com/ - FIRSTUP_PARENT/172.25.2.70 text/html
1345310544.835   8536 10.0.0.1 TCP_MISS/200 3580 CONNECT www.domain.com:443 - HIER_DIRECT/172.25.2.34 -

Also tried adding:
cache_peer_access       parent01         allow CONNECT useparent
but it made no difference.

Build options:
Squid Cache: Version 3.2.1
configure options:  '--prefix=/usr/local/squid'
'--infodir=/usr/local/info' '--mandir=/usr/local/man'
'--enable-async-io' '--enable-removal-policies=heap,lru'
'--disable-wccp' '--disable-wccpv2' '--disable-ident-lookups'
'--enable-linux-netfilter' '--with-large-files' '--disable-snmp'
'--disable-htcp' '--disable-ipv6' 'CFLAGS=-pipe -Wall -O2
-fomit-frame-pointer -march=native -s' 'CXXFLAGS=-pipe -Wall -O2
-fomit-frame-pointer -march=native -s'
'PKG_CONFIG_PATH=/usr/local/lib64/pkgconfig:/usr/lib64/pkgconfig'

Any suggestions, or is this a bug in 3.2?

Andrew
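
A log check for the symptom reported above, as an added example that is not part of the original post: it scans native-format access.log lines and lists requests for the `useparent` domain that were logged as HIER_DIRECT instead of going to the parent. The function names and the suffix-style domain match are assumptions of this example, not Squid's own ACL matcher.

```python
from urllib.parse import urlsplit

# Constructed sample: the two access.log entries quoted in the post, unwrapped.
SAMPLE_LOG = """\
1345310649.623    644 10.0.0.1 TCP_MISS/200 8055 GET http://www.domain.com/ - FIRSTUP_PARENT/172.25.2.70 text/html
1345310544.835   8536 10.0.0.1 TCP_MISS/200 3580 CONNECT www.domain.com:443 - HIER_DIRECT/172.25.2.34 -
"""

# Domains the posted config intends to route via the parent (acl useparent).
POLICY_DOMAINS = ("domain.com",)


def request_host(method, target):
    """Return the lowercase destination host of a logged request."""
    if method == "CONNECT":
        # CONNECT targets are logged as host:port; IPv6 literals are bracketed.
        return target.rsplit(":", 1)[0].strip("[]").lower()
    return (urlsplit(target).hostname or "").lower()


def in_policy(host, domains):
    # Assumption: match the domain itself or any subdomain (suffix match).
    return any(host == d or host.endswith("." + d) for d in domains)


def find_bypasses(log_text, domains=POLICY_DOMAINS):
    """List policy-domain requests that Squid forwarded directly."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10:
            continue  # not a native-format access.log line
        method, target, hierarchy = fields[5], fields[6], fields[8]
        code, _, peer = hierarchy.partition("/")
        host = request_host(method, target)
        if code == "HIER_DIRECT" and in_policy(host, domains):
            hits.append({
                "time": fields[0], "client": fields[2],
                "method": method, "host": host, "went_to": peer,
            })
    return hits


if __name__ == "__main__":
    for hit in find_bypasses(SAMPLE_LOG):
        print("bypassed parent:", hit)
```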

