On 11/08/2015 11:33 PM, Mark Carey wrote:
> What I am interested in is whether there is or ever was a squid module that;
>
> 1. is suitable for running in intercept mode
>
> 2. maintains a list of active https connections
>
> 3. checks the acls to see if access is permitted, to the extent
> permitted by https, so some checks would need to pass through lack of
> sufficient information
>
> 4. when a new https connection is intercepted (internally fakes the
> setup of a CONNECT tunnel)
>
> 5. if permitted and a suitable CONNECT tunnel exists shovels bits back
> and forward like a traditional non intercepted proxy
>
> 6. if not returns icmp host unreachable
>
> 7. accounts for traffic in the same way as squid would in a configured
> proxy setup
>
> Has anyone tried this? Or is the answer download the source and
> patches welcome?

AFAICT, SslBump with "peek at and then splice everything" rules will give you most if not all of the above:

http://wiki.squid-cache.org/Features/SslPeekAndSplice
http://bugs.squid-cache.org/show_bug.cgi?id=4340

Alex.
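The "peek at and then splice everything" rules named in the reply above, as an added squid.conf example that is not part of the original message or of the Squid project's own documentation. It assumes Squid 3.5 syntax; the port number, certificate path and the `.blocked.example` domain are placeholders.

```conf
# Added example, not from the original thread. Assumes Squid 3.5 syntax.
# Port, certificate path and domain below are placeholders.

# Listener for HTTPS traffic redirected to Squid by the firewall/NAT rules.
# ssl-bump on an https_port needs a certificate configured even when
# every connection ends up spliced and the certificate is never presented.
https_port 3129 intercept ssl-bump cert=/etc/squid/placeholder-ca.pem

# Step 1 is the point where only TCP-level information is available.
acl step1 at_step SslBump1

# Matches the server name learned from the TLS client hello (SNI).
acl blocked_sni ssl::server_name .blocked.example

# At step 1, read the client hello without modifying it.
ssl_bump peek step1

# At the next step the SNI is known: close connections to listed names.
ssl_bump terminate blocked_sni

# Everything else becomes a TCP tunnel; TLS is not decrypted.
ssl_bump splice all
```

With these rules Squid never decrypts the traffic, so only checks that work on addresses and the peeked server name can be applied to the spliced connections.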