Hi all,

Working on squid 3.5.1 with HTTPS interception. Trying to make a peek/splice configuration work and avoid bank bumping. Until now bumping is working fine, but I can’t avoid bumping the sites in the ACL. All are bumped.

Can anybody share a working configuration or take a look at mine to find why it is not working?

Thanks
Josep

Squid.conf:

#HTTPS (SSL) traffic interception options
sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/spool/squid3_ssldb -M 4MB
sslcrtd_children 8 startup=1 idle=1

acl disable-ssl-bump dstdomain -i "/etc/squid3/no-ssl-bump.acl"

acl step1 at_step SSLBump1
acl step2 at_step SSLBump2
acl step3 at_step SSLBump3

ssl_bump peek step1 all
ssl_bump splice step2 disable-ssl-bump
ssl_bump stare step2 all
ssl_bump splice step3 disable-ssl-bump
ssl_bump bump step3 all

http_access allow all

http_port 3128
http_port 8080 intercept
https_port 8081 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl_cert/squidcert.pem

forward_max_tries 25
cache_mem 2 GB
maximum_object_size_in_memory 25 MB
maximum_object_size 1 GB
visible_hostname squid-v2
workers 3
coredump_dir /var/spool/squid3
cache_replacement_policy heap LFUDA
cache_dir rock /var/spool/squid3/cache1 4000 max-size=32000
cache_dir rock /var/spool/squid3/cache2 10000

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 10080
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 80% 10080

# FortiGate interface of wccp
wccp2_router 192.168.111.1
# wccp version 2 configuration
wccp2_service standard 90
# tunneling method GRE for forward traffic
wccp2_forwarding_method gre
# tunneling method GRE for return traffic
wccp2_return_method gre
# which interface to use for WCCP (0.0.0.0 determines the interface from routing)
wccp2_address 0.0.0.0

/etc/squid3/no-ssl-bump.acl file:

.bancsabadell.com
.lacaixa.com
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users