Re: Squid proxy whitelisting with HTTPS URL filtering

On 2015-12-29 04:55, joru.pacs wrote:
Hi!

Currently, I am using the version squid-3.5.12. I have configured the
SSL bump this way:

http_port 8080 ssl-bump \
    cert=/usr/local/squid/etc/ssl_cert/myCA.pem \
    generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

acl step1 at_step SslBump1

#sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_DH_USE

ssl_bump peek step1
ssl_bump bump all

I am able to do HTTP filtering, however, doing an HTTPS url
filter does not work. A specific example is whitelisting the following
URL https://www.facebook.com/login, but I do not want to allow all of
facebook’s traffic to be whitelisted, thus the url
https://www.facebook.com should not be allowed.

Trying to do a url_regex to www.facebook.com/login [1] will give me
the default error page from squid. I am using firefox to use the
proxy. And in the logs I am given a 403 error:

"GET https://www.facebook.com/login HTTP/1.1" 403 "-" "Mozilla/5.0
(Macintosh; Intel Mac OS X 10.11; rv:42.0) Gecko/20100101
Firefox/42.0” TAG_NONE:HIER_NONE


That tells that:
- the bumping is happening, and
- traffic is being decrypted, and
- the request is denied by your http_access rules.


So what are the other squid.conf contents?

Amos
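
An added example, not part of the original thread and not the poster's configuration (their http_access rules are not shown on this page). With a browser pointed at an ssl-bump http_port, http_access is evaluated for the initial `CONNECT www.facebook.com:443` and again for each decrypted request, so a path-level whitelist also needs a host-level rule for the CONNECT. The ACL names `wl_login_url` and `wl_connect_host` are hypothetical.

```squidconf
# Constructed example; ACL names wl_login_url and wl_connect_host are hypothetical.
acl SSL_ports port 443
acl CONNECT method CONNECT

# Path-level whitelist entry. It is matched against the full URL of a request,
# which only exists once the connection has been bumped and decrypted.
acl wl_login_url url_regex ^https://www\.facebook\.com/login

# Host-level entry for the CONNECT request the browser sends first.
# A CONNECT carries only host:port (www.facebook.com:443), never a path.
acl wl_connect_host dstdomain www.facebook.com

# Weak form (left commented out): only the path regex is allowed.
# The CONNECT cannot match wl_login_url, so it falls through to "deny all".
#   http_access allow wl_login_url
#   http_access deny all

# Corrected form: admit the tunnel by host, then filter decrypted requests by URL.
http_access deny CONNECT !SSL_ports
http_access allow CONNECT wl_connect_host
http_access allow wl_login_url
http_access deny all
```

With these rules a bumped `GET https://www.facebook.com/` is still denied, because it is neither a CONNECT nor a match for `wl_login_url`.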