You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
>> Further, all code for mimicking(inheriting) certificate properties of
746
+
>> origin server should be involved only when step2 is a peek/stare
747
+
>> mode.
748
+
>> > Does this match ideal logic behind sslbump in squid project?
749
+
750
+
> I hesitate calling any related logic "ideal", but I am not sure that current Squid works or should work the way you describe. AFAICT, according to SslPeekAndSplice, after step1, Squid interprets "bump" as
751
+
752
+
> * "talk to the server and then respond to the client" rather than
753
+
> * "respond to the client and then talk to the server".
754
+
755
+
756
+
Yes, I'm interesting how Squid should work.
757
+
If a bump after step1 defined as "talk to the server and then respond to the client" consequently Squid should not allow any "client-first" modes.
758
+
Otherwise term "bump" in configuration must be redefined or have to be interpreted conditionally.
759
+
760
+
761
+
--
762
+
Best regards,
763
+
Anthony
764
+
765
+
766
+
From anthony.pankov at yahoo.com Thu Apr 16 11:51:02 2026
767
+
From: anthony.pankov at yahoo.com (Anthony Pankov)
768
+
Date: Thu, 16 Apr 2026 14:51:02 +0300
769
+
Subject: [squid-dev] form PROXY header for cache_peer requests
I didn't find how to instruct Squid to form PROXY header for request going to parent cache_peer.
776
+
777
+
Moreover, briefly looking at a code I found parsing PROXY protocol header but not found where it formed to prepend request to cache_peer.
778
+
779
+
Google AI said:
780
+
To make a Squid cache send the PROXY protocol (v1 or v2) to a peer connection, add the???`proxy-out`???option to the???`cache_peer`???directive in???`squid.conf`. This enables sending the client's original IP address information to the parent or sibling proxy.
TITLE="[squid-dev] forward bumped traffic to parent in plain form">anthony.pankov at yahoo.com
23
+
</A><BR>
24
+
<I>Thu Apr 16 11:41:21 UTC 2026</I>
25
+
<P><UL>
26
+
<LI>Previous message (by thread): <AHREF="010008.html">[squid-dev] forward bumped traffic to parent in plain form
27
+
</A></li>
28
+
<LI>Next message (by thread): <AHREF="010010.html">[squid-dev] form PROXY header for cache_peer requests
29
+
</A></li>
30
+
<LI><B>Messages sorted by:</B>
31
+
<ahref="date.html#10009">[ date ]</a>
32
+
<ahref="thread.html#10009">[ thread ]</a>
33
+
<ahref="subject.html#10009">[ subject ]</a>
34
+
<ahref="author.html#10009">[ author ]</a>
35
+
</LI>
36
+
</UL>
37
+
<HR>
38
+
<!--beginarticle-->
39
+
<PRE>Hello Alex,
40
+
41
+
>><i> Further, all code for mimicking(inheriting) certificate properties of
42
+
</I>>><i> origin server should be involved only when step2 is a peek/stare
43
+
</I>>><i> mode.
44
+
</I>>><i> > Does this match ideal logic behind sslbump in squid project?
45
+
</I>
46
+
><i> I hesitate calling any related logic "ideal", but I am not sure that current Squid works or should work the way you describe. AFAICT, according to SslPeekAndSplice, after step1, Squid interprets "bump" as
47
+
</I>
48
+
><i> * "talk to the server and then respond to the client" rather than
49
+
</I>><i> * "respond to the client and then talk to the server".
50
+
</I>
51
+
52
+
Yes, I'm interesting how Squid should work.
53
+
If a bump after step1 defined as "talk to the server and then respond to the client" consequently Squid should not allow any "client-first" modes.
54
+
Otherwise term "bump" in configuration must be redefined or have to be interpreted conditionally.
55
+
56
+
57
+
--
58
+
Best regards,
59
+
Anthony
60
+
61
+
</PRE>
62
+
63
+
64
+
<!--endarticle-->
65
+
<HR>
66
+
<P><UL>
67
+
<!--threads-->
68
+
<LI>Previous message (by thread): <AHREF="010008.html">[squid-dev] forward bumped traffic to parent in plain form
69
+
</A></li>
70
+
<LI>Next message (by thread): <AHREF="010010.html">[squid-dev] form PROXY header for cache_peer requests
71
+
</A></li>
72
+
<LI><B>Messages sorted by:</B>
73
+
<ahref="date.html#10009">[ date ]</a>
74
+
<ahref="thread.html#10009">[ thread ]</a>
75
+
<ahref="subject.html#10009">[ subject ]</a>
76
+
<ahref="author.html#10009">[ author ]</a>
77
+
</LI>
78
+
</UL>
79
+
80
+
<hr>
81
+
<ahref="https://lists.squid-cache.org/listinfo/squid-dev">More information about the squid-dev
TITLE="[squid-dev] form PROXY header for cache_peer requests">anthony.pankov at yahoo.com
23
+
</A><BR>
24
+
<I>Thu Apr 16 11:51:02 UTC 2026</I>
25
+
<P><UL>
26
+
<LI>Previous message (by thread): <AHREF="010009.html">[squid-dev] forward bumped traffic to parent in plain form
27
+
</A></li>
28
+
29
+
<LI><B>Messages sorted by:</B>
30
+
<ahref="date.html#10010">[ date ]</a>
31
+
<ahref="thread.html#10010">[ thread ]</a>
32
+
<ahref="subject.html#10010">[ subject ]</a>
33
+
<ahref="author.html#10010">[ author ]</a>
34
+
</LI>
35
+
</UL>
36
+
<HR>
37
+
<!--beginarticle-->
38
+
<PRE>Hello,
39
+
40
+
I didn't find how to instruct Squid to form PROXY header for request going to parent cache_peer.
41
+
42
+
Moreover, briefly looking at a code I found parsing PROXY protocol header but not found where it formed to prepend request to cache_peer.
43
+
44
+
Google AI said:
45
+
To make a Squid cache send the PROXY protocol (v1 or v2) to a peer connection, add the�`proxy-out`�option to the�`cache_peer`�directive in�`squid.conf`. This enables sending the client's original IP address information to the parent or sibling proxy.
46
+
47
+
But it seems to be a sweet hallucination.
48
+
49
+
Can somebody bring clarity to the subject?
50
+
51
+
--
52
+
Best regards,
53
+
Anthony mailto:<AHREF="https://lists.squid-cache.org/listinfo/squid-dev">anthony.pankov at yahoo.com</A>
54
+
55
+
</PRE>
56
+
57
+
<!--endarticle-->
58
+
<HR>
59
+
<P><UL>
60
+
<!--threads-->
61
+
<LI>Previous message (by thread): <AHREF="010009.html">[squid-dev] forward bumped traffic to parent in plain form
62
+
</A></li>
63
+
64
+
<LI><B>Messages sorted by:</B>
65
+
<ahref="date.html#10010">[ date ]</a>
66
+
<ahref="thread.html#10010">[ thread ]</a>
67
+
<ahref="subject.html#10010">[ subject ]</a>
68
+
<ahref="author.html#10010">[ author ]</a>
69
+
</LI>
70
+
</UL>
71
+
72
+
<hr>
73
+
<ahref="https://lists.squid-cache.org/listinfo/squid-dev">More information about the squid-dev
0 commit comments