Search squid archive

Assistance with knowing what I'm really trying to do

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



A weird question....I guess I need to find out exactly what I'm wanting
before going further with trying to get peek to work.  So here's a small
example of what I currently have.  From my .conf file:

acl broken_sites dst 23.192.0.0/11
http_access allow broken_sites
ssl_bump splice broken_sites

logformat common %>a %[ui %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st %Ss:%
Sh %ssl::>cert_subject

This currently works (no cert_subject though)...log entry shown:

Nov  2 14:23:24 gateway (squid-1): 192.168.1.102 - -
[02/Nov/2014:14:23:24 -0700] "CONNECT 23.211.233.155:443 HTTP/1.1" 200
4229 TCP_TUNNEL:ORIGINAL_DST -

Now this is required as the above will not function if bumped.

At work, we use a commercial proxy which we do not use any ssl
inspection.  These connections show up as, for example:

tcp://www.whateversite.com  TCP_DENIED

And that's what I'm hoping to achieve here...determine what the site is,
and allow or denied it, without having to actually do any SSL
inspection.  Will peek/stare accomplish this?  Or am I restricted to
bump/inspection only, which for a fair amount of sites (facebook,
instagram, google mail, etc) does not work.  Thanks all...I appreciate
any advice.

James

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux