
Re: Re: squid with qlproxy on fedora 20 not working for https traffic


 



On 12/06/2014 8:24 a.m., MrErr wrote:
> I got this working. The single change I made was adding the statement
> 
> ssl_bump server-first all
> 
> If I tried anything else other than "all" it did not work; https
> filtering did not happen. Does anyone know if there is some kind of bug?


When server-first ACLs are tested for port 443 intercepted traffic Squid
has only pieces of information available:

1) client IP:port (src, src_regex, srcport ACLs - all, localnet,
localhost work)

2) squid listening IP:port (myip, myport, and myportname ACL)

3) server IP:port the client tried connecting to (dst, dst_regex ACLs -
to_localhost works)

ssl_bump is a "fast" group ACL lookup so DNS resolution of those IP
addresses to domain names is not reliably available.


Your initial configuration relies on domain names being known, "all"
depends on src IP being known.

Amos
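
A squid.conf sketch of the point made in the reply above, added here as an example; it is not from the thread or from the original poster's configuration. The port, port name, certificate path, ACL names, addresses and domain are all constructed for illustration.

```conf
# Constructed example for intercepted port-443 traffic, using the
# ssl_bump server-first / none syntax that appears in this thread.
# Port, name=, cert path, ACL names and addresses are assumptions.
https_port 3130 intercept ssl-bump name=bump443 cert=/etc/squid/bump-ca.pem

# NOT reliable at the server-first decision: dstdomain needs a domain
# name, but only IP addresses are known at that point and ssl_bump is a
# "fast" ACL check, so reverse DNS results may not be available.
acl filtered_sites dstdomain .example.com
# ssl_bump server-first filtered_sites

# Usable at the server-first decision: ACLs built only from the three
# items the reply lists.
# 1) client IP
acl lan_clients src 192.0.2.0/24
# 2) Squid listening port (matched by its name= value)
acl bump_port myportname bump443
# 3) server IP the client tried connecting to
acl no_bump_dst dst 198.51.100.10

# Exempt one server by IP, bump LAN clients arriving on the intercept
# port, and leave everything else untouched.
ssl_bump none no_bump_dst
ssl_bump server-first lan_clients bump_port
ssl_bump none all
```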




