RE: [squid-users] https interception some whitelisted sites not working properly

Thank you Eliezer for your quick answer. I've been struggling for many days to get this to work... Tested your recommendation and it worked like a charm!  ... ... acl broken_sites_ip dst a.b.c.d/xx acl broken_sites dstdomain "/etc/squid3/acl/ssl_whitelist.acl" always_direct allow broken_sites ssl_bump none localhost ssl_bump none broken_sites_ip ssl_bump none broken_sites  sslproxy_cert_error allow all sslproxy_flags DONT_VERIFY_PEER ssl_bump server-first all ... ... One last question: is it necessary the "always_direct" instruction? Thanks! > Date: Fri, 2 May 2014 00:55:03 +0300 > From: eliezer_at_ngtech.co.il > To: squid-users_at_squid-cache.org > Subject: Re: [squid-users] https interception some whitelisted sites not working properly > > Hey there, > > This was asked in the past month twice if i'm not wrong. > In the stage when you use ssl_bump.. squid dosn't have any sense of > dstdomain. > Means that when squid bumps and knows the site name the connection is > already bumped and knows about it but when you want to apply a whitelist > squid only works on the IP level. > So instead use iptables and\or squid "dst" as a whitelist level. > > Eliezer > > On 05/02/2014 12:21 AM, Ikna Nou wrote: >> acl broken_sites dstdomain "/etc/squid3/acl/ssl_whitelist.acl" > >
Received on Fri May 02 2014 - 15:47:49 MDT