Amos Jeffries wrote on 06/04/2015 04:19 PM:
> On 5/06/2015 1:45 a.m., Klavs Klavsen wrote:
>> after moving it here:
>> http_access allow okweb-urls testsrv1
>> http_access allow CONNECT bumpedPorts
>> http_access deny all
>> it still allows everything..
> Sigh. Sorry I must be half asleep right now.
> Your rules say:
> allow ...
> allow ...
> allow ...
> So why would anything be denied?

last line says: deny all
and it works for http urls.. it denies the websites not listed in
testurls for testsrv1.

> Secondly, the log line you pointed out was for peek operation. URL (for
> url_regex ACLs to match) is not known or available until bumping
> (specifically the full "bump" action) has been completed.

but the "allow CONNECT" line, seems to make it skip the
http_access deny all
at the bottom.. (and not parse the allows in between which should be the
ones allowing certain websites on https as well..)
do I need to change:
ssl_bump bump all
to list every https site
acl ok-httpsurls url_regex ^https://www.google.dk/$
ssl_bump bump ok-httpsurls
ssl_bump reject !ok-httpsurls
(so I can only use http_access for http intercept and must use ssl_bump
for https urls) ?
--
Regards,
Klavs Klavsen, GSEC - kl@xxxxxxx - http://www.vsen.dk - Tlf. 61281200
"Those who do not understand Unix are condemned to reinvent it, poorly."
--Henry Spencer