The terminology may be confusing:
ssl_bump means more or less "looking at HTTPS traffic"
ssl_bump splice means "do not bump/intercept HTTPS traffic. No fake CA certificates are used"
ssl_bump bump means "bump/intercept HTTPS traffic and use a fake CA certificate"
So the question is not about ssl_bump but about "ssl_bump bump".
To prevent the active bump, you need an acl to splice (leave the connection alone)
Something like this:
acl tls_s1_connect at_step SslBump1
acl tls_vip_users fill-in-your-details
ssl_bump splice tls_vip_users # do not peek/bump vip users
ssl_bump peek tls_s1_connect # peek at connections of other users
ssl_bump stare all # peek/stare at the server side of connections of other users
ssl_bump bump all # bump connections of other users
Marcus
On 11/01/17 09:50, Matus UHLAR - fantomas wrote:
> On 11.01.17 11:37, FredB wrote:
>> I'm searching for a way to exclude a user (account) or an IP from my LAN
>> I can exclude a destination domain from decryption with SSL_bump
> simply define an ACL and deny bumping it.
>> but not all requests from a specific source
> what do you mean here?
>> , maybe because I'm using x-forwarded ?
> x-forwarded-for has nothing to do with this
>
> Maybe you should rephrase the question so we understand you better.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
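The rule order in the message above, traced step by step. This is an added example, not part of the original thread and not Squid code: a simplified Python model of ssl_bump evaluation in which the first rule that matches and is possible at the current step wins. The 192.0.2.0/28 range standing in for tls_vip_users, the helper names, and the no-match fallback are assumptions.

```python
# Simplified model of ssl_bump rule evaluation (added example, not Squid code).
from ipaddress import ip_address, ip_network

VIP_NET = ip_network("192.0.2.0/28")  # constructed stand-in for tls_vip_users

# (action, acl) pairs in the same order as the rules in the message above.
RULES = [
    ("splice", lambda ip, step: ip_address(ip) in VIP_NET),  # tls_vip_users
    ("peek",   lambda ip, step: step == 1),                  # at_step SslBump1
    ("stare",  lambda ip, step: True),                       # all
    ("bump",   lambda ip, step: True),                       # all
]

def allowed(action, step, prev):
    """Is this action possible at this step, given the previous step's action?"""
    if action in ("peek", "stare"):
        return step < 3                      # only meaningful at steps 1 and 2
    if step == 3:
        # peek at step 2 rules out bumping; stare at step 2 rules out splicing
        return (action, prev) in (("splice", "peek"), ("bump", "stare"))
    return True

def decide(client_ip):
    """Return the list of actions taken at SslBump1..3 for one client."""
    trace, prev = [], None
    for step in (1, 2, 3):
        action = next((a for a, acl in RULES
                       if allowed(a, step, prev) and acl(client_ip, step)), None)
        if action is None:
            # Assumption in this model: follow the previous action's direction.
            action = "bump" if prev == "stare" else "splice"
        trace.append(action)
        if action in ("splice", "bump"):     # final actions end processing
            break
        prev = action
    return trace

if __name__ == "__main__":
    for ip in ("192.0.2.5", "198.51.100.7"):  # constructed client addresses
        print(ip, "->", decide(ip))
```

A client inside the VIP range is spliced at step 1, before any peeking; every other client goes peek, stare, bump.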