On 04/20/2016 02:22 PM, Odhiambo Washington wrote: > All I want is the ability to intercept SSL sites and control access to > them using TIME ACLs. That's all. I will assume that your definition of a "site" is "domain name". > So in simple: > 1. UserX tries to access facebook.com/youtube.com > 2. I intercept transparently https traffic > 3. I tell squid "don't allow this user to access facebook.com > at this time, but let them access at some-other-time > 4. If time is right, let userX access the site. > So looks like all I need is a setup of passive monitoring, given my > explanation above, right? The answer depends on what you want Squid to do when access is not allowed. If you are OK with terminating the prohibited connection (no error messages explaining company policy sent by Squid to your users!), then yes: ssl_bump terminate restricted_sites ssl_bump peek all ssl_bump splice all As typical for SslBump, Squid has bugs and missing features in some corner cases touched by the above simple configuration, so some babysitting and additional configuration is likely, but it should work in principle. Known bugs can be fixed and missing features added. HTH, Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
