You are not alone but you first need to define and understand your goals in a more technical way. Squid can understand HTTP TLS\SSL IP and LAYER 2 MAC address. If in one of these you can recognize that the client needs to be bypassed from SSL BUMP or interception in general you would be able to make it work. If you have a portal that only android or mobile users can run and be identified at then you will need to first bump but give these specific users the option to somehow in the IP or LAYER 2 level be bypassed from being bumped. If you have a WIFI network you can somehow make a trick with your radius server and usernames that will allow some clients((by IP) to be bypassed based on an external acl helper. What do you think? Eliezer ---- Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: eliezer@xxxxxxxxxxxx -----Original Message----- From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of FredB Sent: Thursday, February 2, 2017 1:38 PM Cc: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: SSL_bump and source IP Thanks Eliezer Unfortunately my "lan" is huge, many thousands of people, and MAC addresses are not known I'm very surprised, I'm alone with this ? Nobody needs to exclude some users from SSLBump ? Fredb _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
