RE: [squid-users] https interception some whitelisted sites not working properly

From: Ikna Nou <iknano_at_outlook.com>
Date: Fri, 2 May 2014 11:47:43 -0400

Thank you Eliezer for your quick answer. I've been struggling for many days to get this to work... Tested your recommendation and it worked like a charm!� ... ... acl broken_sites_ip dst a.b.c.d/xx acl broken_sites dstdomain "/etc/squid3/acl/ssl_whitelist.acl" always_direct allow broken_sites ssl_bump none localhost ssl_bump none broken_sites_ip ssl_bump none broken_sites� sslproxy_cert_error allow all sslproxy_flags DONT_VERIFY_PEER ssl_bump server-first all ... ... One last question: is it necessary the "always_direct" instruction? Thanks! > Date: Fri, 2 May 2014 00:55:03 +0300 > From: eliezer_at_ngtech.co.il > To: squid-users_at_squid-cache.org > Subject: Re: [squid-users] https interception some whitelisted sites not working properly > > Hey there, > > This was asked in the past month twice if i'm not wrong. > In the stage when you use ssl_bump.. squid dosn't have any sense of > dstdomain. > Means that when squid bumps and knows the site name the connection is > already bumped and knows about it but when you want to apply a whitelist > squid only works on the IP level. > So instead use iptables and\or squid "dst" as a whitelist level. > > Eliezer > > On 05/02/2014 12:21 AM, Ikna Nou wrote: >> acl broken_sites dstdomain "/etc/squid3/acl/ssl_whitelist.acl" > >
Received on Fri May 02 2014 - 15:47:49 MDT

This archive was generated by hypermail 2.2.0 : Sat May 03 2014 - 12:00:04 MDT