# Squid ACL CONNECT method



## cesjr (Jan 16, 2017)

Recently, I added a rule to pass traffic for Facebook:

```
acl user_to_fb src "/usr/local/etc/squid/facebook"
acl facebook         dstdomain .facebook.com
http_access allow   CONNECT   user_to_fb   facebook
```
This is working fine.

And I added another rule for YouTube:

```
acl user_to_youtube src "/usr/local/etc/squid/youtube"
acl youtube                   dstdomain .youtube.com .googlevideo.com .ytimg.com .youtu.be
http_access allow  CONNECT   user_to_youtube   youtube
```
Unfortunately, it is not working!
So I changed

```
http_access allow  CONNECT   user_to_youtube   youtube
```
to

```
http_access allow  user_to_youtube   youtube
```
and it works!
I think "CONNECT" should represent allowing a connection from source to destination, am I wrong?


----------



## SirDice (Jan 16, 2017)

cesjr said:


> I think "CONNECT " should be represent allow connection from source to destination, am I wrong?


No, it's to specifically allow the CONNECT method. 

https://en.wikipedia.org/wiki/HTTP_tunnel


----------
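
The difference between the two `http_access` lines in this thread, as an added example that is not part of any post and is not Squid's own code. It is a simplified model that assumes `CONNECT` is defined as `acl CONNECT method CONNECT` (as in Squid's stock configuration), that a final `http_access deny all` follows, and that the client addresses and requests are constructed samples.

```python
# Simplified model of Squid http_access matching (added example, not Squid source).
# Client addresses and requests are constructed samples.

def dstdomain_match(host, patterns):
    """dstdomain: a leading dot matches the domain itself and any subdomain."""
    host = host.lower().rstrip(".")
    for p in (p.lower() for p in patterns):
        if p.startswith(".") and (host == p[1:] or host.endswith(p)):
            return True
        if host == p:
            return True
    return False

YOUTUBE = [".youtube.com", ".googlevideo.com", ".ytimg.com", ".youtu.be"]
YOUTUBE_USERS = {"192.0.2.10"}  # stands in for /usr/local/etc/squid/youtube

ACLS = {
    "all": lambda r: True,
    "CONNECT": lambda r: r["method"] == "CONNECT",  # acl CONNECT method CONNECT
    "user_to_youtube": lambda r: r["src"] in YOUTUBE_USERS,
    "youtube": lambda r: dstdomain_match(r["host"], YOUTUBE),
}

def http_access(rules, req):
    """First matching line wins; all ACLs on one line are ANDed together."""
    for action, names in rules:
        if all(ACLS[n](req) for n in names):
            return action
    return "deny"  # model's choice; only reached without a final 'deny all'

WITH_CONNECT = [("allow", ["CONNECT", "user_to_youtube", "youtube"]), ("deny", ["all"])]
WITHOUT_CONNECT = [("allow", ["user_to_youtube", "youtube"]), ("deny", ["all"])]

REQUESTS = {
    "https_tunnel": {"method": "CONNECT", "src": "192.0.2.10", "host": "www.youtube.com"},
    "plain_http": {"method": "GET", "src": "192.0.2.10", "host": "www.youtube.com"},
    "other_client": {"method": "CONNECT", "src": "192.0.2.99", "host": "www.youtube.com"},
}

def compare():
    """Return {request name: (verdict with CONNECT, verdict without CONNECT)}."""
    return {name: (http_access(WITH_CONNECT, r), http_access(WITHOUT_CONNECT, r))
            for name, r in REQUESTS.items()}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:13} with CONNECT: {verdicts[0]:5}  without: {verdicts[1]}")
```

The line without `CONNECT` is the broader rule: it allows every request method, including plain HTTP, for the listed clients and domains.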



## cesjr (Jan 17, 2017)

SirDice said:


> No, it's to specifically allow the CONNECT method.
> 
> https://en.wikipedia.org/wiki/HTTP_tunnel


Thanks, I got it!
So, it just allows the behavior of the CONNECT method.
A client that is behind an HTTP proxy can access an SSL website.
HTTP Proxy Server (unencrypted) > CONNECT method > SSL-encrypted.
I think YouTube traffic is a UDP stream, so the CONNECT method (TCP) may limit the behaviour.


----------

