Hello,
On 17.09.15 18:47, Yuri Voinov wrote:
acl NoSSLIntercept ssl::server_name_regex -i localhost \.icq\.* kaspi\.kz
ssl_bump splice NoSSLIntercept
# Privoxy+Tor access rules
never_direct allow tor_url
cache_peer_access 127.0.0.1 allow tor_url
18.09.15 21:22, Matus UHLAR - fantomas wrote:
I wonder if the never_direct and cache_peer_access should not use the same
acl as "ssl_bump splice".
On 20.09.15 20:59, Amos Jeffries wrote:
Maybe for values but ssl::server_name ACL may not work outside ssl_bump.
It might, or it might not be usable by the other *_access rules and
depends on whether the matching decisions for those rule sets are the
same for the ssl_bump ones. That latter condition is a big 'IF'.
I wonder how this matches. The SNI should only be seen when the HTTPS
connection is received, either by intercepting HTTPS or by a client using HTTPS
to connect to the proxy. On an unintercepted HTTP port that received a CONNECT
request, it would only see the CONNECT string, e.g. "CONNECT kaspi.kz:443", correct?
--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
One OS to rule them all, One OS to find them,
One OS to bring them all and into darkness bind them
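An added example, not part of the thread and not Squid code: it shows where each name sits on the wire, the host in a plain-text CONNECT request line versus the SNI inside a TLS ClientHello. The function names and the sample bytes are constructed for illustration; it makes no claim about which Squid ACLs can see which value.

```python
import struct

def build_client_hello(server_name):
    """Constructed sample: minimal TLS ClientHello record with one SNI entry."""
    host = server_name.encode("ascii")
    sni = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host  # list len, host_name type, name len
    ext = struct.pack("!HH", 0, len(sni)) + sni                    # extension type 0 = server_name
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)                   # version, random, sid, cipher, compression
    hs = b"\x01" + len(body).to_bytes(3, "big") + body             # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs       # TLS record header

def sni_from_client_hello(data):
    """Return the SNI host name in a ClientHello record, or None."""
    if len(data) < 44 or data[0] != 0x16 or data[5] != 0x01:
        return None
    try:
        p = 43                                            # record hdr 5 + handshake hdr 4 + version 2 + random 32
        p += 1 + data[p]                                  # session id
        p += 2 + int.from_bytes(data[p:p + 2], "big")     # cipher suites
        p += 1 + data[p]                                  # compression methods
        end = min(len(data), p + 2 + int.from_bytes(data[p:p + 2], "big"))
        p += 2
        while p + 9 <= end:
            etype, elen = struct.unpack("!HH", data[p:p + 4])
            if etype == 0:                                # server_name extension
                nlen = int.from_bytes(data[p + 7:p + 9], "big")
                return data[p + 9:p + 9 + nlen].decode("ascii", "replace")
            p += 4 + elen
    except IndexError:                                    # truncated hello
        pass
    return None

def host_from_connect(line):
    """Return (host, port) from an HTTP CONNECT request line, or None."""
    parts = line.split()
    if len(parts) != 3 or parts[0] != "CONNECT":
        return None
    host, _, port = parts[1].rpartition(":")
    return (host.strip("[]").lower(), int(port)) if host and port.isdigit() else None

def names_on_wire(first_bytes):
    """Names readable from the first bytes a client sends on a new connection."""
    line = first_bytes.split(b"\r\n", 1)[0].decode("latin-1")
    return {"connect": host_from_connect(line), "sni": sni_from_client_hello(first_bytes)}

if __name__ == "__main__":
    print(names_on_wire(b"CONNECT kaspi.kz:443 HTTP/1.1\r\nHost: kaspi.kz:443\r\n\r\n"))
    print(names_on_wire(build_client_hello("kaspi.kz")))
```

The first sample yields only a CONNECT host and the second only an SNI; a client that sends CONNECT and then starts TLS inside the tunnel supplies the SNI later, in the tunnelled bytes.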