On 14/05/18 12:35, Alex Rousskov wrote: > On 05/13/2018 06:15 PM, Martin Hanson wrote: > >> # THIS ISN'T WORKING!!! >> # https://www.ubuntu.com is blocked with "Access Denied" from Squid. >> http_access allow windows_boxes whitelist > > I suspect the request is blocked during SslBump step1 because there is > not enough information in the fake CONNECT request for ssl::server_name > to match ubuntu.com. Please keep in mind that ssl::server_name does not > do (reverse) DNS lookups, and the fake CONNECT request during step1 only > has an IP address, not a domain name. > > One way to test this theory is to (temporary) http_access allow CONNECT > requests to (ubuntu) IP addresses. Does that get you to SslBump step2, > where the fake CONNECT usually gets a domain name? > Alex: since you mentioned earlier that the SSL-Bump info based ACLs should work in following transaction access controls should this work? acl step1 at_step SslBump1 http_access allow CONNECT step1 Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
