On 16/11/18 9:22 PM, uppsalanet wrote:
> Just for documentation purpose. Amos suggestion works perfect:
> /##### Ext magazine domains
> debug_options 11,10 58,10 82,10
> acl 302 http_status 302
> acl browzine dstdomain .browzine.com .thirdiron.com
> http_access allow browzine
>
> external_acl_type whitelist_add ttl=10 %SRC %<h{Location}
> /etc/squid/add2db.pl
>
> acl add_to_whitelist external whitelist_add
> http_reply_access allow browzine 302 add_to_whitelist
> http_reply_access allow all
> ##### Ext magazine domains </i>
>
> Why it's not working for me is that the site Im reaching have turned on
> https encryption. TLS encrypted tunnel prevents me from seeing HTTP headers,
> which means I cannot distinguish individual responses :-(
>
The only way around that is to intercept and decrypt the HTTPS using
Squid's SSL-Bump features.
<https://wiki.squid-cache.org/Features/SslPeekAndSplice>
SSL-Bump requires that you are in a situation where you can install
trusted CA certificates into all client devices. Even if the decrypt is
possible there are legal implications which vary around the world, so
please do check with a lawyer before going ahead with it.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
