-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 22.04.16 18:39, Odhiambo Washington пишет: > > > On 22 April 2016 at 13:45, Amos Jeffries <squid3@xxxxxxxxxxxxx <mailto:squid3@xxxxxxxxxxxxx>> wrote: > > On 22/04/2016 8:23 p.m., Odhiambo Washington wrote: > > > > Sure, I am really struggling to understand this. I would like to serve > > error pages. A complete example of this would really help. I am thinking, > > based on the two templates you gave and going with the one where squid > > intrudes, that it could be like below, but to be honest I am not sure so > > kindly correct me. > > > > > > acl time_wastage_sites_ssl ssl::server_name .facebook.com <http://facebook.com> .youtube.com <http://youtube.com> > > ssl_bump splice time_wastage_sites_ssl > > ssl_bump stare all > > ssl_bump bump all > > http_access allow time_wastage_sites_ssl privileged-staff > > http_access allow time_wastage_sites_ssl privileged-clients > > http_access allow time_wastage_sites_ssl TIMElunch > > http_access allow time_wastage_sites_ssl TIMEafterhoursAFT > > http_access allow time_wastage_sites_ssl TIMEafterhoursMORN > > http_access allow time_wastage_sites_ssl TIMEsatALLDAY > > http_access allow time_wastage_sites_ssl TIMEsundALLDAY > > http_access deny time_wastage_sites_ssl > > > > In a file called "/etc/squid/tws": > .facebook.com <http://facebook.com> > .youtube.com <http://youtube.com> > > > squid.conf: > acl time_wastage_sites_ssl ssl::server_name "/etc/squid/tws" > acl time_wastage_sites_http dstdomain "/etc/squid/tws" > > acl privileged_traffic any-of \ > privileged-staff privileged-clients \ > TIMElunch TIMEafterhoursAFT TIMEafterhoursMORN \ > TIMEsatALLDAY TIMEsundALLDAY > > http_access allow privileged_traffic > http_access deny time_wastage_sites_http > > ssl_bump splice privileged_traffic time_wastage_sites_ssl > ssl_bump stare all > ssl_bump bump all > > > > You can probably merge the TIME* ACLs down as well like: > # lunch > acl okay_times time ... > # afterhours PM > acl okay_times time ... > # afterhours AM > acl okay_times time ... > # Saturday and Sunday all day > acl okay_times time SA > > Amos > > > Quoting Alex: > " > If you want Squid to not intrude except when terminating prohibited traffic, then start with this sketch: > > > ssl_bump terminate prohibited_traffic > > ssl_bump peek all > > ssl_bump splice all > " > > So is it possible to achieve such a non-intrusive setup, but without 'terminate'? Not only possible. This is the only solution if you do not want legal problems. But, of course, you will forgot about high cache hit.... :)))))))))) > > > > -- > Best regards, > Odhiambo WASHINGTON, > Nairobi,KE > +254 7 3200 0004/+254 7 2274 3223 > "Oh, the cruft." > > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJXGhxQAAoJENNXIZxhPexG+vMH/1BC4CuOMJKp9RYxHcpf/0a+ HsBW3wdCJxCMUI6gq89wCxD9FRq/7gmJIl1vM22l6zZP15JigYrUrosBaD2bjyhk U+e8daGrOORdnxqajgggKrCOC+pBmkjlmaceU5etteb6QfkHW4sOVTxL9kF8dx1o 0/p1Dvl4LtRynsAloBhK8mr0BMhFFYSLoYipEKSBadK0mckqxAdCIyt1EQiyNAdy aMRfPMit5KU9JhiK8R28v0c6eSiIyP0cZ7oQG1YL2DmlGOiJ6zwPBmrsDTkb7hRZ 10XPFtzAyRydVI5ca4kN+W2o/pmIc2yUEi0CLX7qUMV88PJjS4Ep7l7+QJF5/SM= =zxK+ -----END PGP SIGNATURE----- |
Attachment:
0x613DEC46.asc
Description: application/pgp-keys
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users