Could you suggest a configuration that you think should be working ? I would like both HTTP/HTTPS domains whitelisted via file all other domains blocked. What am I missing ? My assumption here is the acl nobumpSites ssl::server_name "/etc/squid/git_allowed_domains/allowed_domains” part is not working for https but does work for http. #### LOG 21/Oct/2015:16:24:45 -0400.062 28 X.X.X.X TCP_MISS/200 907 HEAD http://www.cnn.com/ - ORIGINAL_DST/23.235.39.73 text/html 21/Oct/2015:16:25:12 -0400.515 0 X.X.X.X TAG_NONE/403 350 HEAD https://www.facebook.com/ - HIER_NONE/- text/html #### etc/squid/git_allowed_domains/allowed_domains" .facebook.com .cnn.com #### Squid.con sslproxy_flags DONT_VERIFY_PEER sslcrtd_program /usr/lib64/squid/ssl_crtd -s /home/squid/ssl_db -M 4MB sslcrtd_children 50 https_port 4827 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/certs/squid.crt key=/etc/squid/certs/squid.key http_port 3401 intercept logformat squid %tl.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %[un %Sh/%<a %mt access_log /var/log/squid/access.log squid cache deny all acl step1 at_step SslBump1 acl nobumpSites ssl::server_name "/etc/squid/git_allowed_domains/allowed_domains” # I even tried the follow just for https test and it still failed # acl nobumpSites ssl::server_name .facebook.com # 21/Oct/2015:16:27:45 -0400.733 0 10.159.3.194 TAG_NONE/403 350 HEAD https://www.facebook.com/ - HIER_NONE/- text/html ssl_bump peek step1 all ssl_bump splice nobumpSites ssl_bump bump acl http proto http acl https proto https acl port_80 port 80 acl port_443 port 443 http_access allow http port_80 nobumpSites http_access allow https port_443 nobumpSites http_access deny all _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
