Thank you Eliezer for your quick answer. I've been struggling for many days to get this to work...
Tested your recommendation and it worked like a charm!�
...
...
acl broken_sites_ip dst a.b.c.d/xx
acl broken_sites dstdomain "/etc/squid3/acl/ssl_whitelist.acl"
always_direct allow broken_sites
ssl_bump none localhost
ssl_bump none broken_sites_ip
ssl_bump none broken_sites�
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
ssl_bump server-first all
...
...
One last question: is it necessary the "always_direct" instruction?
Thanks!
> Date: Fri, 2 May 2014 00:55:03 +0300
> From: eliezer_at_ngtech.co.il
> To: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] https interception some whitelisted sites not working properly
>
> Hey there,
>
> This was asked in the past month twice if i'm not wrong.
> In the stage when you use ssl_bump.. squid dosn't have any sense of
> dstdomain.
> Means that when squid bumps and knows the site name the connection is
> already bumped and knows about it but when you want to apply a whitelist
> squid only works on the IP level.
> So instead use iptables and\or squid "dst" as a whitelist level.
>
> Eliezer
>
> On 05/02/2014 12:21 AM, Ikna Nou wrote:
>> acl broken_sites dstdomain "/etc/squid3/acl/ssl_whitelist.acl"
>
>
Received on Fri May 02 2014 - 15:47:49 MDT
This archive was generated by hypermail 2.2.0 : Sat May 03 2014 - 12:00:04 MDT