I think I finally figured out how to not bump certain sites and to bump all others. I put this in squid.conf
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl nobumpSites ssl::server_name .wellsfargo.com
ssl_bump peek step1
ssl_bump splice step2 nobumpSites
ssl_bump bump all
acl step2 at_step SslBump2
acl nobumpSites ssl::server_name .wellsfargo.com
ssl_bump peek step1
ssl_bump splice step2 nobumpSites
ssl_bump bump all
When I check the access log I see that the wellsfargo.com com only appears as http://wellsfargo.com without any of the full URL but any other https site I see as, for example, https://yahoo.com with the full URL.
Are the lines in the squid.conf correct and is it doing what I want it do, which is to not bump the nobumpSites and bump all other sites that are not in nobumpSites?
On Wed, May 20, 2015 at 12:45 PM, Stanford Prescott <stan.prescott@xxxxxxxxx> wrote:
Never mind. I figured the acl out. I was using someone else's instructions who accidentally left out the double :: ssl::server_name using just a single :.On Wed, May 20, 2015 at 12:36 PM, Stanford Prescott <stan.prescott@xxxxxxxxx> wrote:Is the form of the acl incorrect?After a diversion getting SquidClamAV working, i am back to trying to get peek and splice working. I am trying to put together information from previous recommendations I have received. Right now, I can't get the server_name acl working. When I put this in my squid.confI get a fatal error starting squid using that acl saying the acl is "Bungled".
acl nobumpSites ssl:server_name .example.com
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
