Thanks Amos. "nonhierarchical_direct off" works well for the case.
and, The reason I use A as a brige to B is based on the bandwidth
concern mainly, the direct connection from clients to B is not that
enough.
Thanks all.
On Sat, Jan 14, 2012 at 2:03 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 13/01/2012 4:03 p.m., Xizhen Du wrote:
>>
>> Hi all,
>>
>> I am quite new for squid, and now facing a case and no idea how to get it
>> work.
>>
>> There's 2 proxies:
>>
>> Proxy A: nearly a default setup, just configured cache_peer to B
>> Proxy B: as the parent for A, accepts the requests from A
>>
>> So the simple picture is that: Web clients ----> A ----> B, and it is
>> supposed that all web requests(http, https) are leaving from B to the
>> destionation servers.
>> Web browser on clients is with proxy A(for all protocals in settings
>> including https)
>>
>> Right now seeing all "http" request are forwarded to B as expected,
>> but those "https" are reaching outside from A directly, not over B.
>>
>> Any idea is appreciated, Thanks a lot!
>
>
> HTTPS is usually passed over HTTP in the form of CONNECT requests
> establishing a tunnel. It is far more efficient for Squid to simply open the
> tunnel and relay teh data down it than to relay both the tunenl and data
> inside via a peer. This is why it "reaches outside from A directly".
>
> You can use "nonhierarchical_direct off" to make these tunnels and a few
> otehr requets go through the peer.
>
> Amos
Received on Mon Jan 16 2012 - 07:30:09 MST
This archive was generated by hypermail 2.2.0 : Mon Jan 16 2012 - 12:00:02 MST