On 02/01/2017 07:46 AM, Amos Jeffries wrote:
> On 28/01/2017 12:36 a.m., Sergey Klusov wrote:
>> acl step1 at_step SslBump1
>> ssl_bump peek step1
>> ssl_bump splice https_allow
>> ssl_bump terminate all

> All other traffic will be terminated ... maybe with an HTTP error page.

Bugs notwithstanding, the terminate action should close the client TCP
connection without serving the error page.

> The ssl::server_name ACL will not work outside of the ssl_bump directive.

Each SslBump step gives the ACL more [reliable] information, but the ACL
is not confined to the ssl_bump rules. Using this ACL before (or without
any) ssl_bump steps is almost pointless because it can probably only
match "none", but using it during or after those steps is fine, even
outside the ssl_bump directive context.

This clarification is based on my interpretation of v5 code. This aspect
may not be relevant to your squid.conf, but I wanted to clarify it in
case somebody uses this email thread for other purposes.

Cheers,

Alex.