Re: High CPU Usage with ssl_bump


22.04.16 18:39, Odhiambo Washington wrote:
>
>
> On 22 April 2016 at 13:45, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
>
>     On 22/04/2016 8:23 p.m., Odhiambo Washington wrote:
>     >
>     > Sure, I am really struggling to understand this. I would like to serve
>     > error pages. A complete example of this would really help. I am thinking,
>     > based on the two templates you gave and going with the one where squid
>     > intrudes, that it could be like below, but to be honest I am not sure so
>     > kindly correct me.
>     >
>     >
>     > acl time_wastage_sites_ssl ssl::server_name .facebook.com .youtube.com
>     > ssl_bump splice time_wastage_sites_ssl
>     > ssl_bump stare all
>     > ssl_bump bump all
>     > http_access allow time_wastage_sites_ssl privileged-staff
>     > http_access allow time_wastage_sites_ssl privileged-clients
>     > http_access allow time_wastage_sites_ssl TIMElunch
>     > http_access allow time_wastage_sites_ssl TIMEafterhoursAFT
>     > http_access allow time_wastage_sites_ssl TIMEafterhoursMORN
>     > http_access allow time_wastage_sites_ssl TIMEsatALLDAY
>     > http_access allow time_wastage_sites_ssl TIMEsundALLDAY
>     > http_access deny  time_wastage_sites_ssl
>     >
>
>     In a file called "/etc/squid/tws":
>     .facebook.com
>     .youtube.com
>
>
>     squid.conf:
>      acl time_wastage_sites_ssl  ssl::server_name "/etc/squid/tws"
>      acl time_wastage_sites_http dstdomain        "/etc/squid/tws"
>
>      acl privileged_traffic any-of \
>         privileged-staff privileged-clients \
>         TIMElunch TIMEafterhoursAFT TIMEafterhoursMORN \
>         TIMEsatALLDAY TIMEsundALLDAY
>
>      http_access allow privileged_traffic
>      http_access deny time_wastage_sites_http
>
>      ssl_bump splice privileged_traffic time_wastage_sites_ssl
>      ssl_bump stare all
>      ssl_bump bump all
>
>
>
>     You can probably merge the TIME* ACLs down as well like:
>       # lunch
>       acl okay_times time ...
>       # afterhours PM
>       acl okay_times time ...
>       # afterhours AM
>       acl okay_times time ...
>       # Saturday and Sunday all day
>       acl okay_times time SA
>
>     Amos
>
>
> Quoting Alex:
> "
> If you want Squid to not intrude except when terminating prohibited traffic, then start with this sketch:
>
> >       ssl_bump terminate prohibited_traffic
> >       ssl_bump peek all
> >       ssl_bump splice all
> "
>
> So is it possible to achieve such a non-intrusive setup, but without 'terminate'?

Not only possible. This is the only solution if you do not want legal problems. But, of course, you will forget about high cache hit.... :))))))))))
>
>
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254 7 3200 0004/+254 7 2274 3223
> "Oh, the cruft."
>
>
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users



_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
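
How the rules Amos posted resolve for a few requests, as an added example that is not part of the original thread and not Squid's own code. It is a simplified first-match model: the function names are hypothetical, the ssl_bump processing steps are collapsed into one final action, and the caller says which member ACLs match because the thread does not give the time ranges.

```python
# Added illustration: simplified model of Squid's first-match rule evaluation.
TWS = [".facebook.com", ".youtube.com"]  # contents of /etc/squid/tws in the thread
PRIVILEGED = {"privileged-staff", "privileged-clients", "TIMElunch",
              "TIMEafterhoursAFT", "TIMEafterhoursMORN",
              "TIMEsatALLDAY", "TIMEsundALLDAY"}
HTTP_ACCESS = [("allow", ["privileged_traffic"]),
               ("deny", ["time_wastage_sites_http"])]
SSL_BUMP = [("splice", ["privileged_traffic", "time_wastage_sites_ssl"]),
            ("stare", ["all"]),
            ("bump", ["all"])]

def domain_match(host, patterns):
    """'.example.com' matches the domain and its subdomains, nothing else."""
    host = host.lower().rstrip(".")
    for p in (p.lower() for p in patterns):
        if p.startswith("."):
            if host == p[1:] or host.endswith(p):
                return True
        elif host == p:
            return True
    return False

def first_match(rules, facts):
    """Action of the first rule whose ACLs all match (ACLs on a line are ANDed)."""
    for action, acls in rules:
        if all(facts.get(a, False) for a in acls):
            return action
    return None  # undecided here: rules not shown in the thread would apply

def decide(host, true_acls):
    """Return (http_access verdict, final ssl_bump action) for one request.
    true_acls: names of the member ACLs (staff, clients, TIME*) that match."""
    on_list = domain_match(host, TWS)
    facts = {"all": True,
             "privileged_traffic": bool(PRIVILEGED & set(true_acls)),  # any-of
             "time_wastage_sites_http": on_list,
             "time_wastage_sites_ssl": on_list}
    tls = first_match(SSL_BUMP, facts)
    if tls == "stare":  # stare is not final; the remaining rules decide
        tls = first_match([r for r in SSL_BUMP if r[0] != "stare"], facts)
    return first_match(HTTP_ACCESS, facts), tls
```

Because the TIME* ACLs are members of privileged_traffic, the first http_access rule allows every destination during those periods, not only the listed sites.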
