I have installed squid as a non-transparent proxy/cache server with --enable-ssl configuration. It is a child of a parent proxy server named proxy1.ut.ac.ir in our network, through which all computers in the network must access the Internet.
The new proxy server works well for HTTP URLs but has a problem with HTTPS ones. For example, when I try to open www.gmail.com or https://www.google.com, the browser just stops after a very long time at this URL:
> Problem Solved!
> I've asked this question on ServerFault and found a solution by just adding
> these lines in squid.conf:
> acl CONNECT method CONNECT
> acl POST method POST
> never_direct allow CONNECT
> never_direct allow POST
> But I still don't understand this behaviour of squid:
> Why should we add these lines for CONNECT and POST method explicitly while
> GET method works correctly without such settings?
> Is this default behaviour of squid or what?
Sounds like you should really have
never_direct allow all
What is happening is that Squid by default acts somewhat differently
depending on if it thinks the response may be possible to cache. If it
knows that the response won't be possible to cache then it selects the
shortest possible path to retrieve the requested object which is going
direct unless forbidden.
CONNECT/POST/etc (most non-HEAD/GET) can never be cached.
GET/HEAD depends on a number of factors. There are many kinds of GET
requests as well which Squid will consider non-cacheable and go direct.
The never_direct directive is what you use to tune this when you need
requests forwarded even if it's worthless from a cache perspective.
never_direct tells Squid that it is not allowed to go direct and MUST
forward requests to a peer (usually parent peer). Used for example if
you are behind a firewall without direct connectivity, or otherwise MUST
use a parent proxy.
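
A simplified model of the routing decision described in the reply above, added here as an illustration; it is not Squid's code and not part of the thread. The function names, the cacheability heuristic and the sample requests are assumptions. It lists which requests would still attempt a direct connection under each never_direct rule set.

```python
# Simplified model of the routing behaviour described in the reply.
# Not Squid's source: function names, the cacheability heuristic and the
# sample requests are assumptions made for this illustration.

def maybe_cacheable(method, url):
    # Assumption: only GET/HEAD without a query string count as cacheable.
    return method in ("GET", "HEAD") and "?" not in url

def direct_forbidden(rules, method):
    # rules: ordered (action, acl) pairs, acl being a method name or "all".
    # First match wins; with no match this model leaves direct permitted.
    for action, acl in rules:
        if acl in ("all", method):
            return action == "allow"
    return False

def route(rules, method, url):
    if direct_forbidden(rules, method):
        return "parent"          # never_direct matched: must use the peer
    if maybe_cacheable(method, url):
        return "parent"          # worth caching: goes through the hierarchy
    return "direct"              # not cacheable: shortest path to the origin

def direct_attempts(rules, requests):
    # Requests that would try a direct connection, which cannot succeed
    # when only the parent proxy has Internet access.
    return [(m, u) for m, u in requests if route(rules, m, u) == "direct"]

# Constructed sample traffic.
REQUESTS = [
    ("GET", "http://example.com/index.html"),
    ("GET", "http://example.com/search?q=squid"),
    ("POST", "http://example.com/login"),
    ("CONNECT", "www.google.com:443"),
    ("PUT", "http://example.com/upload"),
]

NO_RULES = []
POSTER_FIX = [("allow", "CONNECT"), ("allow", "POST")]  # the two lines quoted above
REPLY_FIX = [("allow", "all")]                          # never_direct allow all

if __name__ == "__main__":
    for name, rules in [("none", NO_RULES), ("CONNECT+POST", POSTER_FIX),
                        ("all", REPLY_FIX)]:
        print(name, direct_attempts(rules, REQUESTS))
```

Under this model the CONNECT and POST rules alone still leave the PUT and the query-string GET going direct, while the catch-all rule leaves none.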