On 8/10/2013 8:07 a.m., Jury Bogdanov wrote:
Yeah, you was right. When I replaced
ssl_bump server-fist vk
With
ssl_bump server-first all
it works. But I can't understand how to fix that. I don't want bump
all connections.
That change was just a test to verify Alex theory was correct.
For the final config you need to find some ACL condition or test that
matches the traffic you want to match. You can do so with mutiple
ssl_bump lines and/or ACLs if necessary.
The specifics are up to you, but it sounds like to need to isolate the
IP's for that domain and permit bumping for them as well as for its
domain name.
Amos
