On 28/08/2012 7:14 p.m., Babelo Gmvsdm wrote:
> Hi, I implemented HTTPS cache on my Squid with sslbump, cert key etc... I don't use it in transparent mode because I want my users to be aware of this mechanism.
To leave your users aware of the problem, all you need to do is *not* distribute your signing CA certificate to them. They will get the untrusted cert message. This is true for both CONNECT bumping and native port 443 bumping.
> It seems to work, but on some sites (live.com for instance), after accepting the self-signed cert, I have a blank page. The access log seems normal, and there is no error in the cache log. Any clue as to what could be happening? Another question: is there any way to prevent some SSL sites from being cached?
The "cache" access control list operates on everything regardless of how the request was received or processed by Squid. Use "cache deny" lines to specify what is not permitted to be cached. We don't yet have a specific ACL way to identify just the bumped requests though.
Amos
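
An added example (not part of the original thread): assuming squid.conf applies `cache deny` to a `dstdomain` ACL such as `.live.com`, this script checks a native-format access.log for replies that were still served from cache for those domains. The log lines are constructed, and treating result codes containing `HIT` plus `TCP_REFRESH_UNMODIFIED` as cache-served is an assumption of this example.

```python
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format:
# time elapsed client code/status bytes method URL user hierarchy type
SAMPLE_LOG = """\
1346138040.101    210 192.0.2.10 TCP_MISS/200 5120 CONNECT www.live.com:443 - DIRECT/203.0.113.5 -
1346138040.350     95 192.0.2.10 TCP_MISS/200 8342 GET https://www.live.com/ - DIRECT/203.0.113.5 text/html
1346138041.020      3 192.0.2.10 TCP_MEM_HIT/200 2048 GET https://www.live.com/img/logo.png - NONE/- image/png
1346138042.500      2 192.0.2.11 TCP_HIT/200 4096 GET https://cdn.example.org/lib.js - NONE/- application/javascript
"""


def matches_dstdomain(host, pattern):
    """dstdomain-style match: a leading dot covers the domain and its subdomains."""
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern


def host_of(url):
    """Host from a bumped 'https://host/path' URL or a CONNECT 'host:port' target."""
    if "://" in url:
        return urlsplit(url).hostname or ""
    return url.rsplit(":", 1)[0]


def served_from_cache(code):
    # Assumption: result codes containing HIT, plus TCP_REFRESH_UNMODIFIED,
    # mean the reply body came from Squid's cache.
    return "HIT" in code or code == "TCP_REFRESH_UNMODIFIED"


def cached_hits(log_lines, denied_domains):
    """Return (host, result_code, url) for cache-served replies on denied domains."""
    findings = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 7:
            continue  # skip blank or truncated lines
        code = fields[3].split("/", 1)[0]
        url = fields[6]
        host = host_of(url)
        if served_from_cache(code) and any(matches_dstdomain(host, d) for d in denied_domains):
            findings.append((host, code, url))
    return findings


if __name__ == "__main__":
    for host, code, url in cached_hits(SAMPLE_LOG.splitlines(), [".live.com"]):
        print(f"cached despite deny list: {code} {url}")
```

An empty result over a representative log window indicates the `cache deny` lines are matching the intended sites.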