Search squid archive

Re: Squid 3.5.17 SSL-Bump Step1

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Amos Jeffries писал 2016-05-16 13:34:

Please upgrade to 3.5.19.

Upgrade to 3.5.19


acl blocked_https ssl::server_name  "/etc/squid/urls/block-url"
https_port 3129 intercept ssl-bump options=ALL:NO_SSLv3:NO_SSLv2
connection-auth=off cert=/etc/squid/squidCA.pem
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump terminate blocked_https

It works.

Obviously not. There is no instruction what to do other than terminate.
Squid is left to other circumstances to decide what is needed...

it works! :) if you have the opportunity to check on the virtual machine



But if I use

acl users_no_inet src "/etc/squid/ip-groups/no-inet"
http_access deny users_no_inet

... you force bumping to happen in order to deliver the HTTP error message.

Try adding this rule above the peek (and the ACL line too):
ssl_bump terminate users_no_inet

trying, no success :(



I just do not understand the reason for such behavior. Why, if access is allowed everything works, and if the ban on access to HTTP, you must first see a message stating that my certificate has not been able to match, and then later ERR_ACCESS_DENIED. Sorry for my English
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux