On 12/01/2017 1:04 a.m., FredB wrote: > >> but not all requests from a specific source > >> what do you mean here? > > I mean no ssl-bump at all for a specific user, no matter the destinations > I tried some acl without success At the time of bumping Squid has no idea what a "user" is and things like the X-Forwarded-For are probably also unknown/unavailable. All you can assume being known about the client is the TCP detail (IP:port), perhapse an IDENT label or TOS marking. Though I'm not sure of the latter two. > >>> , maybe because I'm using x-forwarded ? > >> x-forwarded-for has nothing to do with this > > There is a known bug with sslbump and x-forwarded (bug about log) maybe there is a relation, my "fake" address is not known or something like this That bug is relevant only in the case of clients being configured to use the proxy as a forward/explicit proxy (no intercept or tproxy). In the non-relevant traffic types XFF header is simply not existing, period. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
