
Re: High CPU Usage with ssl_bump

On 22 April 2016 at 13:45, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
On 22/04/2016 8:23 p.m., Odhiambo Washington wrote:
>
> Sure, I am really struggling to understand this. I would like to serve
> error pages. A complete example of this would really help. I am thinking,
> based on the two templates you gave and going with the one where squid
> intrudes, that it could be like below, but to be honest I am not sure so
> kindly correct me.
>
>
> acl time_wastage_sites_ssl ssl::server_name .facebook.com .youtube.com
> ssl_bump splice time_wastage_sites_ssl
> ssl_bump stare all
> ssl_bump bump all
> http_access allow time_wastage_sites_ssl privileged-staff
> http_access allow time_wastage_sites_ssl privileged-clients
> http_access allow time_wastage_sites_ssl TIMElunch
> http_access allow time_wastage_sites_ssl TIMEafterhoursAFT
> http_access allow time_wastage_sites_ssl TIMEafterhoursMORN
> http_access allow time_wastage_sites_ssl TIMEsatALLDAY
> http_access allow time_wastage_sites_ssl TIMEsundALLDAY
> http_access deny  time_wastage_sites_ssl
>

In a file called "/etc/squid/tws":
.facebook.com
.youtube.com


squid.conf:
 acl time_wastage_sites_ssl  ssl::server_name "/etc/squid/tws"
 acl time_wastage_sites_http dstdomain        "/etc/squid/tws"

 acl privileged_traffic any-of \
    privileged-staff privileged-clients \
    TIMElunch TIMEafterhoursAFT TIMEafterhoursMORN \
    TIMEsatALLDAY TIMEsundALLDAY

 http_access allow privileged_traffic
 http_access deny time_wastage_sites_http

 ssl_bump splice privileged_traffic time_wastage_sites_ssl
 ssl_bump stare all
 ssl_bump bump all



You can probably merge the TIME* ACLs down as well like:
  # lunch
  acl okay_times time ...
  # afterhours PM
  acl okay_times time ...
  # afterhours AM
  acl okay_times time ...
  # Saturday and Sunday all day
  acl okay_times time SA

Amos


Quoting Alex:
"
If you want Squid to not intrude except when terminating prohibited traffic, then start with this sketch:

>       ssl_bump terminate prohibited_traffic
>       ssl_bump peek all
>       ssl_bump splice all 
"

So is it possible to achieve such a non-intrusive setup, but without 'terminate'? 



--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
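The rule order in the squid.conf quoted above can be checked offline with a small model of http_access evaluation: the first matching line wins, ACLs on one line are ANDed, and an any-of ACL is an OR of its members. This is an added example, not part of the original message and not Squid code; the `matched` sets and the sample hostnames are constructed, because the message does not define the client and time ACLs.

```python
# Model of Squid's http_access evaluation for the rules quoted above.
# Added illustration; not Squid code and not from the original message.

TWS = [".facebook.com", ".youtube.com"]   # contents of /etc/squid/tws

# Members of the any-of ACL "privileged_traffic" from the message.
PRIVILEGED = {"privileged-staff", "privileged-clients", "TIMElunch",
              "TIMEafterhoursAFT", "TIMEafterhoursMORN",
              "TIMEsatALLDAY", "TIMEsundALLDAY"}

def dstdomain_match(host, patterns):
    """dstdomain: '.example.com' matches the domain itself and any subdomain."""
    host = host.lower().rstrip(".")
    for pattern in patterns:
        pattern = pattern.lower()
        if pattern.startswith("."):
            if host == pattern[1:] or host.endswith(pattern):
                return True
        elif host == pattern:
            return True
    return False

def acl_true(name, host, matched):
    """Evaluate one named ACL. `matched` is the constructed set of client/time
    ACLs that hold for this request (the message does not define them)."""
    if name == "privileged_traffic":       # any-of: true if any member matches
        return bool(PRIVILEGED & set(matched))
    if name == "time_wastage_sites_http":
        return dstdomain_match(host, TWS)
    return name in matched

# http_access lines in config order.
HTTP_ACCESS = [("allow", ["privileged_traffic"]),
               ("deny", ["time_wastage_sites_http"])]

def http_access(host, matched=frozenset()):
    for action, acls in HTTP_ACCESS:
        if all(acl_true(a, host, matched) for a in acls):
            return action                  # first matching line decides
    return "no-match"                      # rules elsewhere in squid.conf decide

if __name__ == "__main__":
    samples = [("www.facebook.com", set()),            # constructed requests
               ("www.youtube.com", {"TIMElunch"}),
               ("example.org", {"privileged-staff"}),
               ("notfacebook.com", set())]
    for host, matched in samples:
        print(f"{host:20} {sorted(matched)!s:24} -> {http_access(host, matched)}")
```

The third sample shows that `http_access allow privileged_traffic` allows a privileged client to every destination, not only to the listed sites, so any broader deny rules have to come before that line.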
