2026-01-14

squidadm · squidadm · commit 832d789c59eb · 2026-01-14T18:32:07.000Z
diff --git a/squid-users/2026-January.txt b/squid-users/2026-January.txt
@@ -2031,3 +2031,101 @@ Alex.
 > 
 
 
+From rousskov at measurement-factory.com  Wed Jan 14 15:14:25 2026
+From: rousskov at measurement-factory.com (Alex Rousskov)
+Date: Wed, 14 Jan 2026 10:14:25 -0500
+Subject: [squid-users] Squid integration with Netskope forward to proxy
+In-Reply-To: <CADAqQfw=rF2NBtTNPvADZbLPh7wNL5i-xsLLnPJbLmJTDBCWzw@mail.gmail.com>
+References: <CADAqQfwgPPK-qEFjp8kJzn30GqyKTpefLmA8xm0S76eqQuab4A@mail.gmail.com>
+ <aWS0bVL4_t0a26gP@fantomas.sk>
+ <02fb7c5d-1f96-4e21-aee6-f19d8ba92227@treenet.co.nz>
+ <CADAqQfw=rF2NBtTNPvADZbLPh7wNL5i-xsLLnPJbLmJTDBCWzw@mail.gmail.com>
+Message-ID: <4e8c3148-4508-426d-b152-715cc27ea55f@measurement-factory.com>
+
+On 2026-01-13 07:45, Ben Goz wrote:
+
+> I'm using ssl-bump it's cooperate?with https_port?
+
+* https_port in an "intercept" or "tproxy" mode supports SslBump (and 
+requires an "ssl-bump" option).
+
+* https_port in other modes, including the default forward proxy mode, 
+does not support SslBump (and prohibits an "ssl-bump" option).
+
+Squid will correctly reject unsupported configurations, but the 
+corresponding documentation is missing. That is a known Squid bug:
+https://bugs.squid-cache.org/show_bug.cgi?id=5092
+
+We tried to fix that documentation bug, but failed:
+https://github.com/squid-cache/squid/pull/1981
+
+Alex.
+
+
+> ??????? ??? ??, 12 ????? 2026 ?-19:12 ??? ?Amos Jeffries?? 
+> <?squid3 at treenet.co.nz <mailto:squid3 at treenet.co.nz>??>:?
+> 
+>     On 12/01/2026 21:44, Matus UHLAR - fantomas wrote:
+>      > On 11.01.26 16:58, Ben Goz wrote:
+>      >> My customer netskope cloud configures forward to proxy to my
+>     squid proxy.
+>      >> The forwarding works only if Netskope's ssl decryption disabled,
+>     If ssl
+>      >> decryption enabled
+>      >> I can't see in the access log the traffic forwards to squid from
+>      >> Netskope.
+>      >>
+>      >> I suspect that Netskope forwards encrypted data to squid but I'm
+>     not sure
+>      >> that is the case because the Connect request is never encrypted
+>     and I
+>      >> don't
+>      >> see it on the access log.
+>      >
+>      >
+>      >> Anyones know how Netskope and squid can work together without
+>     disabling
+>      >> Netskope decryption (MITM)?
+>      >
+>      > This is completely issue of netskope proxy.
+>      >
+>      > If netskope proxy decides to forward or not to forward request to
+>     squid,
+>      > squid can't do anything with it.
+> 
+> 
+>     Nod. If there is no CONNECT tunnel request reaching Squid then it is
+>     not
+>     being forwarded in the classical "over-HTTP" way.
+> 
+>     I would check to see what is happening on port 443 when the traffic is
+>     "forwarded". HTTPS may actually be routed rather than relayed/proxied.
+>     Or perhapse it is being sent to some other port number, though how to
+>     find that may require asking your customer or Netskope directly for
+>     more
+>     details on how it is setup there.
+> 
+> 
+>     FWIW, Squid can receive HTTPS/443 traffic fine. Just use "https_port"
+>     (note the 's') to receive it instead of the regular HTTP port, and will
+>     need a SSL server certificate (can be self-signed) for your Squid which
+>     the customer software trusts.
+> 
+> 
+>     HTH
+>     Amos
+> 
+>     _______________________________________________
+>     squid-users mailing list
+>     squid-users at lists.squid-cache.org
+>     <mailto:squid-users at lists.squid-cache.org>
+>     https://lists.squid-cache.org/listinfo/squid-users
+>     <https://lists.squid-cache.org/listinfo/squid-users>
+> 
+> 
+> _______________________________________________
+> squid-users mailing list
+> squid-users at lists.squid-cache.org
+> https://lists.squid-cache.org/listinfo/squid-users
+
+
diff --git a/squid-users/2026-January/027741.html b/squid-users/2026-January/027741.html
@@ -12,7 +12,7 @@
            }
    </style>
    <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
-   <LINK REL="Previous"  HREF="027757.html">
+   <LINK REL="Previous"  HREF="027760.html">
    <LINK REL="Next"  HREF="027744.html">
  </HEAD>
  <BODY BGCOLOR="#ffffff">
@@ -23,7 +23,7 @@ <H1>[squid-users] Can I safely increase MAX_URL to 12KByte?</H1>
        </A><BR>
     <I>Mon Jan 12 07:23:32 UTC 2026</I>
     <P><UL>
-        <LI>Previous message (by thread): <A HREF="027757.html">[squid-users] Squid integration with Netskope forward to proxy
+        <LI>Previous message (by thread): <A HREF="027760.html">[squid-users] Squid integration with Netskope forward to proxy
 </A></li>
         <LI>Next message (by thread): <A HREF="027744.html">[squid-users] Can I safely increase MAX_URL to 12KByte?
 </A></li>
@@ -74,11 +74,12 @@ <H1>[squid-users] Can I safely increase MAX_URL to 12KByte?</H1>
 
 
 
+
 <!--endarticle-->
     <HR>
     <P><UL>
         <!--threads-->
-	<LI>Previous message (by thread): <A HREF="027757.html">[squid-users] Squid integration with Netskope forward to proxy
+	<LI>Previous message (by thread): <A HREF="027760.html">[squid-users] Squid integration with Netskope forward to proxy
 </A></li>
 	<LI>Next message (by thread): <A HREF="027744.html">[squid-users] Can I safely increase MAX_URL to 12KByte?
 </A></li>
diff --git a/squid-users/2026-January/027744.html b/squid-users/2026-January/027744.html
@@ -76,6 +76,7 @@ <H1>[squid-users] Can I safely increase MAX_URL to 12KByte?</H1>
 
 
 
+
 <!--endarticle-->
     <HR>
     <P><UL>
diff --git a/squid-users/2026-January/027757.html b/squid-users/2026-January/027757.html
@@ -13,7 +13,7 @@
    </style>
    <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
    <LINK REL="Previous"  HREF="027746.html">
-   <LINK REL="Next"  HREF="027741.html">
+   <LINK REL="Next"  HREF="027760.html">
  </HEAD>
  <BODY BGCOLOR="#ffffff">
    <H1>[squid-users] Squid integration with Netskope forward to proxy</H1>
@@ -25,7 +25,7 @@ <H1>[squid-users] Squid integration with Netskope forward to proxy</H1>
     <P><UL>
         <LI>Previous message (by thread): <A HREF="027746.html">[squid-users] Squid integration with Netskope forward to proxy
 </A></li>
-        <LI>Next message (by thread): <A HREF="027741.html">[squid-users] Can I safely increase MAX_URL to 12KByte?
+        <LI>Next message (by thread): <A HREF="027760.html">[squid-users] Squid integration with Netskope forward to proxy
 </A></li>
          <LI> <B>Messages sorted by:</B> 
               <a href="date.html#27757">[ date ]</a>
@@ -98,13 +98,14 @@ <H1>[squid-users] Squid integration with Netskope forward to proxy</H1>
 
 
 
+
 <!--endarticle-->
     <HR>
     <P><UL>
         <!--threads-->
 	<LI>Previous message (by thread): <A HREF="027746.html">[squid-users] Squid integration with Netskope forward to proxy
 </A></li>
-	<LI>Next message (by thread): <A HREF="027741.html">[squid-users] Can I safely increase MAX_URL to 12KByte?
+	<LI>Next message (by thread): <A HREF="027760.html">[squid-users] Squid integration with Netskope forward to proxy
 </A></li>
          <LI> <B>Messages sorted by:</B> 
               <a href="date.html#27757">[ date ]</a>
diff --git a/squid-users/2026-January/027760.html b/squid-users/2026-January/027760.html
@@ -0,0 +1,146 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<HTML>
+ <HEAD>
+   <TITLE> [squid-users] Squid integration with Netskope forward to proxy
+   </TITLE>
+   <LINK REL="Index" HREF="index.html" >
+   <LINK REL="made" HREF="mailto:squid-users%40lists.squid-cache.org?Subject=Re%3A%20%5Bsquid-users%5D%20Squid%20integration%20with%20Netskope%20forward%20to%20proxy&In-Reply-To=%3C4e8c3148-4508-426d-b152-715cc27ea55f%40measurement-factory.com%3E">
+   <META NAME="robots" CONTENT="index,nofollow">
+   <style type="text/css">
+       pre {
+           white-space: pre-wrap;       /* css-2.1, curent FF, Opera, Safari */
+           }
+   </style>
+   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+   <LINK REL="Previous"  HREF="027757.html">
+   <LINK REL="Next"  HREF="027741.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+   <H1>[squid-users] Squid integration with Netskope forward to proxy</H1>
+    <B>Alex Rousskov</B> 
+    <A HREF="mailto:squid-users%40lists.squid-cache.org?Subject=Re%3A%20%5Bsquid-users%5D%20Squid%20integration%20with%20Netskope%20forward%20to%20proxy&In-Reply-To=%3C4e8c3148-4508-426d-b152-715cc27ea55f%40measurement-factory.com%3E"
+       TITLE="[squid-users] Squid integration with Netskope forward to proxy">rousskov at measurement-factory.com
+       </A><BR>
+    <I>Wed Jan 14 15:14:25 UTC 2026</I>
+    <P><UL>
+        <LI>Previous message (by thread): <A HREF="027757.html">[squid-users] Squid integration with Netskope forward to proxy
+</A></li>
+        <LI>Next message (by thread): <A HREF="027741.html">[squid-users] Can I safely increase MAX_URL to 12KByte?
+</A></li>
+         <LI> <B>Messages sorted by:</B> 
+              <a href="date.html#27760">[ date ]</a>
+              <a href="thread.html#27760">[ thread ]</a>
+              <a href="subject.html#27760">[ subject ]</a>
+              <a href="author.html#27760">[ author ]</a>
+         </LI>
+       </UL>
+    <HR>  
+<!--beginarticle-->
+<PRE>On 2026-01-13 07:45, Ben Goz wrote:
+
+&gt;<i> I'm using ssl-bump it's cooperate&#160;with https_port?
+</I>
+* https_port in an &quot;intercept&quot; or &quot;tproxy&quot; mode supports SslBump (and 
+requires an &quot;ssl-bump&quot; option).
+
+* https_port in other modes, including the default forward proxy mode, 
+does not support SslBump (and prohibits an &quot;ssl-bump&quot; option).
+
+Squid will correctly reject unsupported configurations, but the 
+corresponding documentation is missing. That is a known Squid bug:
+<A HREF="https://bugs.squid-cache.org/show_bug.cgi?id=5092">https://bugs.squid-cache.org/show_bug.cgi?id=5092</A>
+
+We tried to fix that documentation bug, but failed:
+<A HREF="https://github.com/squid-cache/squid/pull/1981">https://github.com/squid-cache/squid/pull/1981</A>
+
+Alex.
+
+
+&gt;<i> &#8235;&#1489;&#1514;&#1488;&#1512;&#1497;&#1498; &#1497;&#1493;&#1501; &#1489;&#1523;, 12 &#1489;&#1497;&#1504;&#1493;&#1523; 2026 &#1489;-19:12 &#1502;&#1488;&#1514; &#8234;Amos Jeffries&#8236;&#8207; 
+</I>&gt;<i> &lt;&#8234;<A HREF="https://lists.squid-cache.org/listinfo/squid-users">squid3 at treenet.co.nz</A> &lt;mailto:<A HREF="https://lists.squid-cache.org/listinfo/squid-users">squid3 at treenet.co.nz</A>&gt;&#8236;&#8207;&gt;:&#8236;
+</I>&gt;<i> 
+</I>&gt;<i>     On 12/01/2026 21:44, Matus UHLAR - fantomas wrote:
+</I>&gt;<i>      &gt; On 11.01.26 16:58, Ben Goz wrote:
+</I>&gt;<i>      &gt;&gt; My customer netskope cloud configures forward to proxy to my
+</I>&gt;<i>     squid proxy.
+</I>&gt;<i>      &gt;&gt; The forwarding works only if Netskope's ssl decryption disabled,
+</I>&gt;<i>     If ssl
+</I>&gt;<i>      &gt;&gt; decryption enabled
+</I>&gt;<i>      &gt;&gt; I can't see in the access log the traffic forwards to squid from
+</I>&gt;<i>      &gt;&gt; Netskope.
+</I>&gt;<i>      &gt;&gt;
+</I>&gt;<i>      &gt;&gt; I suspect that Netskope forwards encrypted data to squid but I'm
+</I>&gt;<i>     not sure
+</I>&gt;<i>      &gt;&gt; that is the case because the Connect request is never encrypted
+</I>&gt;<i>     and I
+</I>&gt;<i>      &gt;&gt; don't
+</I>&gt;<i>      &gt;&gt; see it on the access log.
+</I>&gt;<i>      &gt;
+</I>&gt;<i>      &gt;
+</I>&gt;<i>      &gt;&gt; Anyones know how Netskope and squid can work together without
+</I>&gt;<i>     disabling
+</I>&gt;<i>      &gt;&gt; Netskope decryption (MITM)?
+</I>&gt;<i>      &gt;
+</I>&gt;<i>      &gt; This is completely issue of netskope proxy.
+</I>&gt;<i>      &gt;
+</I>&gt;<i>      &gt; If netskope proxy decides to forward or not to forward request to
+</I>&gt;<i>     squid,
+</I>&gt;<i>      &gt; squid can't do anything with it.
+</I>&gt;<i> 
+</I>&gt;<i> 
+</I>&gt;<i>     Nod. If there is no CONNECT tunnel request reaching Squid then it is
+</I>&gt;<i>     not
+</I>&gt;<i>     being forwarded in the classical &quot;over-HTTP&quot; way.
+</I>&gt;<i> 
+</I>&gt;<i>     I would check to see what is happening on port 443 when the traffic is
+</I>&gt;<i>     &quot;forwarded&quot;. HTTPS may actually be routed rather than relayed/proxied.
+</I>&gt;<i>     Or perhapse it is being sent to some other port number, though how to
+</I>&gt;<i>     find that may require asking your customer or Netskope directly for
+</I>&gt;<i>     more
+</I>&gt;<i>     details on how it is setup there.
+</I>&gt;<i> 
+</I>&gt;<i> 
+</I>&gt;<i>     FWIW, Squid can receive HTTPS/443 traffic fine. Just use &quot;https_port&quot;
+</I>&gt;<i>     (note the 's') to receive it instead of the regular HTTP port, and will
+</I>&gt;<i>     need a SSL server certificate (can be self-signed) for your Squid which
+</I>&gt;<i>     the customer software trusts.
+</I>&gt;<i> 
+</I>&gt;<i> 
+</I>&gt;<i>     HTH
+</I>&gt;<i>     Amos
+</I>&gt;<i> 
+</I>&gt;<i>     _______________________________________________
+</I>&gt;<i>     squid-users mailing list
+</I>&gt;<i>     <A HREF="https://lists.squid-cache.org/listinfo/squid-users">squid-users at lists.squid-cache.org</A>
+</I>&gt;<i>     &lt;mailto:<A HREF="https://lists.squid-cache.org/listinfo/squid-users">squid-users at lists.squid-cache.org</A>&gt;
+</I>&gt;<i>     <A HREF="https://lists.squid-cache.org/listinfo/squid-users">https://lists.squid-cache.org/listinfo/squid-users</A>
+</I>&gt;<i>     &lt;<A HREF="https://lists.squid-cache.org/listinfo/squid-users">https://lists.squid-cache.org/listinfo/squid-users</A>&gt;
+</I>&gt;<i> 
+</I>&gt;<i> 
+</I>&gt;<i> _______________________________________________
+</I>&gt;<i> squid-users mailing list
+</I>&gt;<i> <A HREF="https://lists.squid-cache.org/listinfo/squid-users">squid-users at lists.squid-cache.org</A>
+</I>&gt;<i> <A HREF="https://lists.squid-cache.org/listinfo/squid-users">https://lists.squid-cache.org/listinfo/squid-users</A>
+</I>
+</PRE>
+
+<!--endarticle-->
+    <HR>
+    <P><UL>
+        <!--threads-->
+	<LI>Previous message (by thread): <A HREF="027757.html">[squid-users] Squid integration with Netskope forward to proxy
+</A></li>
+	<LI>Next message (by thread): <A HREF="027741.html">[squid-users] Can I safely increase MAX_URL to 12KByte?
+</A></li>
+         <LI> <B>Messages sorted by:</B> 
+              <a href="date.html#27760">[ date ]</a>
+              <a href="thread.html#27760">[ thread ]</a>
+              <a href="subject.html#27760">[ subject ]</a>
+              <a href="author.html#27760">[ author ]</a>
+         </LI>
+       </UL>
+
+<hr>
+<a href="https://lists.squid-cache.org/listinfo/squid-users">More information about the squid-users
+mailing list</a><br>
+</body></html>
diff --git a/squid-users/2026-January/author.html b/squid-users/2026-January/author.html
@@ -19,8 +19,8 @@ <h1>January 2026 Archives by author</h1>
                     </a></b></li>
       </ul>
       <p><b>Starting:</b> <i>Sun Jan  4 01:35:40 UTC 2026</i><br>
-         <b>Ending:</b> <i>Tue Jan 13 20:59:05 UTC 2026</i><br>
-         <b>Messages:</b> 27<p>
+         <b>Ending:</b> <i>Wed Jan 14 15:14:25 UTC 2026</i><br>
+         <b>Messages:</b> 28<p>
      <ul>
 
 <LI><A HREF="027754.html">[squid-users] peer-select.cc, cache_peer and dns queries
@@ -103,6 +103,11 @@ <h1>January 2026 Archives by author</h1>
 <I>Alex Rousskov
 </I>
 
+<LI><A HREF="027760.html">[squid-users] Squid integration with Netskope forward to proxy
+</A><A NAME="27760">&nbsp;</A>
+<I>Alex Rousskov
+</I>
+
 <LI><A HREF="027734.html">[squid-users] Running squid in a network namespace
 </A><A NAME="27734">&nbsp;</A>
 <I>Robert 'Bobby' Zenz
@@ -161,8 +166,8 @@ <h1>January 2026 Archives by author</h1>
     </ul>
     <p>
       <a name="end"><b>Last message date:</b></a> 
-       <i>Tue Jan 13 20:59:05 UTC 2026</i><br>
-    <b>Archived on:</b> <i>Tue Jan 13 20:59:08 UTC 2026</i>
+       <i>Wed Jan 14 15:14:25 UTC 2026</i><br>
+    <b>Archived on:</b> <i>Wed Jan 14 15:14:30 UTC 2026</i>
     <p>
    <ul>
          <li> <b>Messages sorted by:</b>
diff --git a/squid-users/2026-January/date.html b/squid-users/2026-January/date.html
@@ -19,8 +19,8 @@ <h1>January 2026 Archives by date</h1>
                     </a></b></li>
       </ul>
       <p><b>Starting:</b> <i>Sun Jan  4 01:35:40 UTC 2026</i><br>
-         <b>Ending:</b> <i>Tue Jan 13 20:59:05 UTC 2026</i><br>
-         <b>Messages:</b> 27<p>
+         <b>Ending:</b> <i>Wed Jan 14 15:14:25 UTC 2026</i><br>
+         <b>Messages:</b> 28<p>
      <ul>
 
 <LI><A HREF="027733.html">[squid-users] Running squid in a network namespace
@@ -156,13 +156,18 @@ <h1>January 2026 Archives by date</h1>
 <LI><A HREF="027759.html">[squid-users] peer-select.cc, cache_peer and dns queries
 </A><A NAME="27759">&nbsp;</A>
 <I>Alex Rousskov
+</I>
+
+<LI><A HREF="027760.html">[squid-users] Squid integration with Netskope forward to proxy
+</A><A NAME="27760">&nbsp;</A>
+<I>Alex Rousskov
 </I>
 
     </ul>
     <p>
       <a name="end"><b>Last message date:</b></a> 
-       <i>Tue Jan 13 20:59:05 UTC 2026</i><br>
-    <b>Archived on:</b> <i>Tue Jan 13 20:59:08 UTC 2026</i>
+       <i>Wed Jan 14 15:14:25 UTC 2026</i><br>
+    <b>Archived on:</b> <i>Wed Jan 14 15:14:30 UTC 2026</i>
     <p>
    <ul>
          <li> <b>Messages sorted by:</b>
diff --git a/squid-users/2026-January/subject.html b/squid-users/2026-January/subject.html
diff --git a/squid-users/2026-January/thread.html b/squid-users/2026-January/thread.html
diff --git a/squid-users/index.html b/squid-users/index.html

-Original file line number
+Diff line change
++
 <!--endarticle-->
     <HR>
     <P><UL>