-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 02.02.2015 0:46, Amos Jeffries пишет: > On 2/02/2015 7:16 a.m., Yuri Voinov wrote: >> >> >> 01.02.2015 23:48, Walter H. пишет: >>> Hello, >> > <snip> > >>> acl ssl_bump_domains_bankingsites dstdomain banking.raiffeisen.at >> banking.ing-diba.at ebanking.easybank.at services.kepler.at >> www.kepler.at www.rcb.at >>> acl ssl_bump_domains_msftupdates dstdomain .update.microsoft.com >>> ssl_bump none ssl_bump_domains_bankingsites >>> ssl_bump none ssl_bump_domains_msftupdates >>> ssl_bump server-first all >> You do it wrong. You don't know site names BEFORE bump. >> > > No. His http_port settings are those which match a proxy being > configured explicitly in the brower, which means CONNECT messages with > domain name expected to be present. Oh, of course. I compare it with my interception configuration. :) But ip-based dst acl for bankings will works in any case. Just pass-through banking IP without bump - and, viola! - they works. Yes? > > > It might not be, which could be the problem. But that can only known by > looking at the CONNECT request message itself. > > Amos > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJUznV4AAoJENNXIZxhPexGOuIIAIcq7xXlBk5UJ2cNkglcWH9s xwCYgpH7VyiG6z9rZk4BFOvOqmIPiCIx9izzgXkK5QssKgeCBB4fXt/bOnM3WDBO qEyA+awbMCfkPQExWd6LSNhDEqPAdhkUHnRmK+tKmhGPaipqJUsm5UH9cBTO2VdK ARrsfu/HR+DluwhUdE5Zem81H27iQmClD7NCrFiFsrDEAcMEDueVvKjYYUuYGwor f81lMcj2ZpnEF8Ogyo7mZOmIR3+nRlzJLLvpm0wIerFzfPOkZKqCtV9GQezlkKYf NStXj2ei33ZwwP/QGiv4SmjBQrTU6hRIZNuPk5B1yjkXyzEVpYfhW5xGT3fzKbU= =2JZO -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
