I would like to give my users the ability to "not bump" certain sites. I tried to use the examples given on the SSLPeekandSplice wiki page but can't get it to work.
This is a snippet of my squid.conf file.
https_port 192.168.10.1:808 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/var/smoothwall/mods/proxy/ssl_cert/squidCA.pemhttp_port 192.168.20.1:800 intercepthttps_port 192.168.20.1:808 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/var/smoothwall/mods/proxy/ssl_cert/squidCA.pemhttp_port 127.0.0.1:800 interceptsslproxy_cert_error allow allsslproxy_flags DONT_VERIFY_PEERsslproxy_session_cache_size 4 MBacl serverIsBank dstdomain wellsfargo.comssl_bump server-first allssl_bump none localhostgreenssl_bump none localhostpurplessl_bump splice serverIsBankssl_bump peek allssl_bump bump allsslcrtd_program /var/smoothwall/mods/proxy/libexec/ssl_crtd -s /var/smoothwall/mods/proxy/lib/ssl_db -M 4MBsslcrtd_children 5
When I start squid I don't get any error messages and all pages, http and https, load properly. The problem is, using the example above, the https://www.wellsfargo.com website is still getting bumped, evidenced by the appearance of the ssl website in the web proxy access logs. When I don't have ssl_bump enabled then no https websites appear in the access logs, as it should be. But, enabling ssl_bump and peek and splice, web sites that I am trying not to bump still seem to be getting bumped.
Any suggestions on how to properly "not bump" certain websites.
Thanks,
Stan
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
