I have discovered with Wireshark that when talking to a proxy CONNECT. The difference is explained here: What is the difference between “CONNECT” and “GET HTTPS”?
Another answer mentions proxy chaining with CONNECT. I think GET cannot be chained, that’s why
Now, the Wikipedia article about HTTP tunneling says the following about
Not all HTTP Proxy Servers support this feature, and even those that do, may limit the behaviour (for example only allowing connections to the default HTTPS port 443, or blocking traffic which doesn’t appear to be SSL).
Indeed, the Squid Cache Wiki states (emphasis mine):
It is important to notice that the protocols passed through CONNECT are not limited to the ones Squid normally handles. Quite literally anything that uses a two-way TCP connection can be passed through a CONNECT tunnel. This is why the Squid default ACLs start with deny CONNECT !SSL_Ports and why you must have a very good reason to place any type of allow rule above them.
I guess your squid.conf includes a line like this:
http_access deny CONNECT !SSL_Ports
I have found an answer that says it’s enough to comment this line out. Checked, it works. However, if you don’t want to punch such a big hole in your proxy then try to add the following three lines to your
acl myserver dst 192.168.2.4
acl myport port 80
http_access allow CONNECT myserver myport
# the original uncommented line must be below, like this
http_access deny CONNECT !SSL_Ports
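The effect of the rule order above can be checked with a small first-match evaluator. This is an added example, not code from the original answer or from Squid. The function names, the SSL_Ports and CONNECT acl definitions, the closing allow all rule and the address 10.0.0.9 are assumptions constructed for the illustration.

```python
# Added example: simplified model of Squid's http_access evaluation.
# Only the acl types on this page (dst, port, method) and built-in "all" are modelled;
# dst is compared as an exact string (real Squid also handles subnets and DNS).

def parse(conf):
    """Return (acls, rules) from squid.conf-style text; comments are skipped."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if not tok:
            continue
        if tok[0] == "acl":                    # acl NAME TYPE VALUE...
            _, vals = acls.setdefault(tok[1], (tok[2], set()))
            vals.update(tok[3:])
        elif tok[0] == "http_access":          # http_access allow|deny [!]ACL...
            rules.append((tok[1], tok[2:]))
    return acls, rules

def matches(acls, name, req):
    if name == "all":
        return True
    kind, vals = acls[name]
    return str(req[kind]) in vals              # values inside one acl are ORed

def decide(conf, method, dst, port):
    """First rule whose ACLs all match wins; ACLs on one line are ANDed."""
    acls, rules = parse(conf)
    req = {"method": method, "dst": dst, "port": port}
    for action, names in rules:
        if all(matches(acls, n.lstrip("!"), req) != n.startswith("!") for n in names):
            return action
    # Nothing matched: Squid applies the opposite of the last rule (deny if no rules).
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

# Constructed configurations; the two BASE definitions are assumed, not from the page.
BASE = "acl SSL_Ports port 443\nacl CONNECT method CONNECT\n"
PAGE = ("acl myserver dst 192.168.2.4\nacl myport port 80\n"
        "http_access allow CONNECT myserver myport\n")
DENY = "http_access deny CONNECT !SSL_Ports\n"
REST = "http_access allow all\n"               # stand-in for the remaining rules
STOCK = BASE + DENY + REST
COMMENTED = BASE + "#" + DENY + REST           # the "big hole" variant
NARROW = BASE + PAGE + DENY + REST             # allow placed above the deny
MISORDERED = BASE + DENY + PAGE + REST         # allow placed below the deny

if __name__ == "__main__":
    for name in ("STOCK", "COMMENTED", "NARROW", "MISORDERED"):
        for dst, port in (("192.168.2.4", 80), ("10.0.0.9", 22)):
            print(name, dst, port, decide(globals()[name], "CONNECT", dst, port))
```

With the deny line commented out, the model allows CONNECT to any host and port; with the three lines placed above the deny, only 192.168.2.4 port 80 is added to what the stock rules permit.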