On 31/10/2015 5:36 a.m., Rodrigo de Lima Silva wrote:
> Thanks for your reply Alex,
>
> I understood your considerations. Maybe, I really didn't understand very
> well how the SslBump works, the differences between peek and splice and
> steps SslBump1, 2 and 3.
>
> I'm searching and studying about this these last two days, and I need to understand
> better about these questions.

You may have found them already, but if not these wiki pages should help you understand a bit more.

The particular one Alex and I think you need to understand is <http://wiki.squid-cache.org/SquidFaq/SquidAcl> which documents how Squid access controls operate. What they are and how to use them.

Once you understand the ACLs you may have a clearer idea how to extend your rules properly using the information in <http://wiki.squid-cache.org/Features/SslPeekAndSplice>. Which documents what the SSL-Bump actions are, what they do and at what stages of the TLS handshake process they can happen.

>
> There's a way to join ssl_bump + a simple acl? Basically, I would like to
> permit access to some sites, like facebook, linkedin, for example. during a
> period of day time, for example:
>
> acl after_work time MTWHFAS 18:00-21:00
> ssl_bump terminate deny_https_sites !after_work
>

Once you understand what the "Common Mistakes" section of the ACL wiki page is talking about you will know the answer to your question. It describes the problem Alex was talking about, but in slightly simpler terms.

Hint: you say you want to permit things. But you are writing rules with "deny" / "terminate" as the action for Squid to do. Seems a bit backwards, yes?

The outcome of the above rules may be the behaviour you desire. But the rule is not specifying the policy you wrote about. It is specifying another policy that happens to act the same (most of the time). And "most of the time" is how strange problems appear later.

PS. Apologies if we seem to be obstructing. But you really do need to properly know how Squid ACLs work if you are going to be configuring Squid. They are used for controlling almost everything, as you will see in those wiki pages.

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
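An added example, not part of the message above or of the Squid documentation: the stated policy ("permit these sites during a time window") written as a permit rule, beside the terminate-only form from the question. The ACL names `social_sites` and `step1`, the domain list and the final catch-all are assumptions, since the thread does not show how `deny_https_sites` is defined or what the rest of the configuration does.

```conf
# Constructed example. social_sites, step1 and the domain list are
# assumptions; deny_https_sites is not defined anywhere in the thread.

# Day codes: S=Sun M=Mon T=Tue W=Wed H=Thu F=Fri A=Sat
acl after_work time MTWHFAS 18:00-21:00
acl social_sites ssl::server_name .facebook.com .linkedin.com
acl step1 at_step SslBump1

# Form from the question, kept commented out for comparison.
# ACLs on one line are ANDed, so it only says "terminate the listed
# sites outside the window". What happens to those sites inside the
# window is left to whichever later rule or default happens to apply.
#ssl_bump terminate deny_https_sites !after_work

# The policy written the way it was stated. Lines are checked top to
# bottom and the first line whose ACLs all match supplies the action.

# Step 1: peek so the client SNI is available to ssl::server_name.
ssl_bump peek step1

# Permit: tunnel the listed sites without decrypting, inside the window.
ssl_bump splice social_sites after_work

# The same sites at any other time.
ssl_bump terminate social_sites

# Assumed catch-all for all other traffic; replace with the real policy.
ssl_bump splice all
```

Running `squid -k parse` after editing checks the configuration for syntax errors before it is loaded.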