[prev in list] [next in list] [prev in thread] [next in thread]
List: squid-users
Subject: Re: [squid-users] Bump and Splice
From: Amos Jeffries <squid3 () treenet ! co ! nz>
Date: 2020-02-20 11:20:37
Message-ID: 28f2079e-ca64-5476-52d8-4a7eac723ba5 () treenet ! co ! nz
[Download RAW message or body]
On 20/02/20 1:35 am, AndyBinder wrote:
>
> Currently i have 2 working bumping configurations (Squid 4.9):
>
> 1. Splice everything (working for blacklisting http and https sites without
> Bumping)
>
> ssl_bump peek bump_step1 all
> ssl_bump splice all
Following lines are unreachable. You can just erase from the config.
PS. Also you do not need the 'all' ACL on that first line.
> ssl_bump peek bump_step2 all
> ssl_bump splice bump_step3 all
> ssl_bump bump
>
> 2. Bump everything except bump_nobumpsites
>
> ssl_bump peek bump_step1 all
> ssl_bump peek bump_step2 bump_nobumpsites
> ssl_bump splice bump_step3 bump_nobumpsites
> ssl_bump stare bump_step2
> ssl_bump bump bump_step3
>
> Now i try to combine both of them into one configuration and want to decide
> weather bumping or splicing via the nametag of the port (=acl
> bump_nobumpport).
>
> Final wanted situation in words:
>
> Bump everything except bump_nobumpsites and bump_nobumpports, but the SNI must
> be visible to match agains blacklisted urls.
How important is that word "and" in your policy statement?
The config earlier used an OR condition:
ssl_bump peek bump_step2 bump_nobumpsites
ssl_bump peek bump_step2 bump_nobumpport
This would be AND condition:
ssl_bump peek bump_step2 bump_nobumpport bump_nobumpsites
>
> @Alex: I tried your configuration examples but the blacklisted urls won't match
> on https sites.
If you are matching *URLs* that is the problem. Only the domain name is
available during ssl_bump checks. The URL only appears after bumping,
and only from http_access onwards.
Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic