Have you considered an external_acl that will help you to do this by the MAC address or by another way like a "bypass" portal?
With a MAC address DB you can know if the device is from one manufacturer or another.
The hackers in your network will always find a way to bypass SSL bump eventually, since there are other ports, but it's something.
I am not sure, but if there was a way to find them by the form of the TLS hello then I believe it would be simple enough to identify these, but I am not sure how possible that is.

I can write pseudo-code in Ruby that will help to identify vendors by MAC address based on:
https://github.com/royhills/arp-scan/blob/master/get-oui
https://github.com/joemiller/mac-to-vendor

Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer@xxxxxxxxxxxx

-----Original Message-----
From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of FredB
Sent: Thursday, February 2, 2017 10:03 AM
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: SSL_bump and source IP

So how can I manage computers without my CA? (e.g. a laptop temporarily connected)

In my situation I also have some smartphones, in some cases, connected to my squids; how can I exclude them from SSLBump?
I already have some ACLs based on authentication (user azerty = with/without some rules)

FredBb
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
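
The MAC-to-vendor external_acl idea from the reply above, sketched as an added example that is not part of the original thread and not code from Squid, arp-scan or mac-to-vendor. It assumes Squid hands the helper the client MAC as the first token of each request line (for example via `%SRCEUI48`) with concurrency off; the OUI table, the vendor names and the `--squid` switch are constructed for the example.

```ruby
# Added example: Squid external_acl helper that answers OK when the client
# MAC's OUI belongs to a vendor exempted from SSL bump, ERR otherwise.
# Assumption: the MAC is the first token on each request line, concurrency off.
require 'set'

# Constructed sample table in "6 hex digits<TAB>vendor" form; prefixes and
# vendor names are made up. A real table would come from the IEEE OUI list.
SAMPLE_OUI_TABLE = <<~TABLE
  # OUI and vendor, tab separated
  001122\tExample Phones Ltd
  0C3344\tExample Laptops Inc
TABLE

EXEMPT_VENDORS = Set['Example Phones Ltd'] # vendors to exempt from bumping

def load_oui(text)
  text.each_line.with_object({}) do |line, table|
    prefix, vendor = line.chomp.split("\t", 2)
    table[prefix.upcase] = vendor.strip if prefix.to_s.match?(/\A\h{6}\z/) && vendor
  end
end

def normalize_mac(raw)
  hex = raw.to_s.gsub(/[:.\-]/, '').upcase
  hex.match?(/\A\h{12}\z/) ? hex : nil
end

def vendor_for(mac, table)
  hex = normalize_mac(mac)
  return nil unless hex
  # Locally administered (often randomized) addresses carry no vendor OUI.
  return nil if (hex[0, 2].to_i(16) & 0x02) != 0
  table[hex[0, 6]]
end

def acl_reply(line, table, exempt = EXEMPT_VENDORS)
  vendor = vendor_for(line.split.first, table)
  vendor && exempt.include?(vendor) ? 'OK' : 'ERR'
end

def run_helper(input = $stdin, output = $stdout)
  table = load_oui(SAMPLE_OUI_TABLE)
  output.sync = true # Squid expects one unbuffered reply per request line
  input.each_line { |line| output.puts acl_reply(line, table) }
end

# "--squid" is this example's own switch, so loading the file does not block on stdin.
run_helper if ARGV.include?('--squid')
```

A MAC address is set by the client and only visible to Squid for hosts on the same layer-2 segment, so a match here classifies devices for convenience and does not authenticate them.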