Blog

Squid proxy as HTTP accelerator: CORS with never_direct, cache peers, and SSL bump implications

When Squid intercepts HTTPS, clients see a different trust chain—CORS origins must match the certificate presented to the browser.

Published: 2028-05-26Updated: 2028-05-281 min read

squidproxycors

ICP and HTCP

Sibling caches exchange hints—misconfigured peers can serve stale CORS responses.

Multicast ICP can amplify misroutes—monitor error rates during topology changes.

Layered ACLs for methods—ensure OPTIONS can reach the origin when GET is allowed.