-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Show piece of allowed_domains file. 22.10.15 2:29, luizcasey@xxxxxxxxx пишет: > Could you suggest a configuration that you think should be working ? I would like both HTTP/HTTPS domains whitelisted via file all other domains blocked. What am I missing ? My assumption here is the acl nobumpSites ssl::server_name "/etc/squid/git_allowed_domains/allowed_domains” part is not working for https but does work for http. > > #### LOG > 21/Oct/2015:16:24:45 -0400.062 28 X.X.X.X TCP_MISS/200 907 HEAD http://www.cnn.com/ - ORIGINAL_DST/23.235.39.73 text/html > 21/Oct/2015:16:25:12 -0400.515 0 X.X.X.X TAG_NONE/403 350 HEAD https://www.facebook.com/ - HIER_NONE/- text/html > > #### etc/squid/git_allowed_domains/allowed_domains" > .facebook.com > .cnn.com > > #### Squid.con > sslproxy_flags DONT_VERIFY_PEER > sslcrtd_program /usr/lib64/squid/ssl_crtd -s /home/squid/ssl_db -M 4MB > sslcrtd_children 50 > > https_port 4827 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/certs/squid.crt key=/etc/squid/certs/squid.key > http_port 3401 intercept > > logformat squid %tl.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %[un %Sh/%<a %mt > access_log /var/log/squid/access.log squid > > cache deny all > > acl step1 at_step SslBump1 > acl nobumpSites ssl::server_name "/etc/squid/git_allowed_domains/allowed_domains” > # I even tried the follow just for https test and it still failed > # acl nobumpSites ssl::server_name .facebook.com > # 21/Oct/2015:16:27:45 -0400.733 0 10.159.3.194 TAG_NONE/403 350 HEAD https://www.facebook.com/ - HIER_NONE/- text/html > > ssl_bump peek step1 all > ssl_bump splice nobumpSites > ssl_bump bump > > acl http proto http > acl https proto https > acl port_80 port 80 > acl port_443 port 443 > > http_access allow http port_80 nobumpSites > http_access allow https port_443 nobumpSites > > http_access deny all > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJWJ/ZVAAoJENNXIZxhPexGI/8H/0vLr5F4ejnNmJ55oUeGb2wv YIs/gIW73DEdcTidPYSPWnfz25VQ5rStfejrkWWoPDdHTQNwUWi8vd45TptxFXtK 3r6xnL9+f+2JLMXjrRB8buQW7i3B8xmvWHniMzMh9EWwicGJIPRzowz8ijaIyoYx ZpEh00NBLlHBJhu9EP81TVJauwqexbeRjjOmR8VLp7rEoeuWYXvR7D7Pcs5eNrKT XnzwNKI6ZWRYSq9rfRObMRL5EIkbXqAcvh6+2KaYYUFVy87zm5bojrJqgbM6NGXS 7AwydX4ef5jRsvmt9lgYZJ/fjdggRxUsN+EvdccvhYQrD/6Coec/H1L84MKLfqY= =2y9A -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
