On 12/11/2015 7:12 a.m., Eugene M. Zheganin wrote: > > As soon as I add sslBump, everything that is bumped, starts to be > blocking by 'http_access deny unauthorized' (everything that's spliced > works as intended). And I completely cannot understand why. Yes, I can > remove this line, but this way I'm loosing deny_info for specific cases > when someone fails to authorize, and plus - without sslBump it was > working, right ? Please help me understand this and solve the issue. > Proxy-authentication cannot be performed on MITM'd traffic. That includes SSL-bump decrypted messages. However, unlike the other methods SSL-bump CONNECT wrapper messages in explicit-proxy traffic can be authenticated and their credentials inherited by the messages decrypted. Squid should be doing that. But again cannot do it for the fake/synthetic ones it generates itself on intercepted port 443 traffic. So the question becomes, why are foo and bar ACLs not matching? http_access rules are applied separately to the CONNECT wrapper message and to the decrypted non-CONNECT HTTP message(s). Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
