Am Montag, 17. Februar 2020, 10:37:20 CET schrieb Amos Jeffries: > On 17/02/20 10:23 pm, AndyBinder wrote: > > Hi, i have a question regarding the ssl-bump feature of squid. > > I have set up multiple ports for transparent mode on loopback interface > > and > > one explicit on my real local interface. On the loopback interface the > > parameters ssl-bump and intercept are set. On the explicit interface the > > ssl- bump parameter is set. The ssl-bump is properly configured in acl. > > The problem is that i can only configure bump and splice for both > > (explicit and transparent). > > I would like to achive different bumping behavior on the ports. For > > example > > bump on regular interface and splice all on loopback (transparent proxy). > > The bumping behavior is configured globally and i don't see a possibility > > to separate it per port. > > > > Maybe somebody has a hint for me? > > The myportname ACL type should work in ssl_bump directive. It matches > against the name= parameter of port directives. > > Amos > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users Thank You very much for your answer! But i think i am doing something wrong.. In brackets there are the changes i have made. Sample snippet from my squid.conf: http_port 127.0.0.1:3128 name=transparent intercept ssl-bump cert=/var/ squid/ssl/ca.pem dynamic_cert_mem_cache_size=10MB generate-host-certificates=on https_port 127.0.0.1:3129 name=transparent intercept ssl-bump cert=/var/ squid/ssl/ca.pem dynamic_cert_mem_cache_size=10MB generate-host-certificates=on http_port 192.168.1.1:3128 ssl-bump cert=/var/squid/ssl/ca.pem dynamic_cert_mem_cache_size=10MB generate-host-certificates=on sslcrtd_program /usr/local/libexec/squid/security_file_certgen -s /var/ squid/ssl_crtd -M 4MB sslcrtd_children 5 tls_outgoing_options options=NO_TLSv1 cipher=HIGH:MEDIUM:!RC4:!aNULL:! eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS acl bump_step1 at_step SslBump1 acl bump_step2 at_step SslBump2 acl bump_step3 at_step SslBump3 acl bump_nobumpsites ssl::server_name "/usr/local/etc/squid/ nobumpsites.acl" --> (acl bump_nobumpport myportname transparent) ssl_bump peek bump_step1 all ssl_bump peek bump_step2 bump_nobumpsites --> (ssl_bump peek bump_step2 bump_nobumpport) ssl_bump splice bump_step3 bump_nobumpsites --> (ssl_bump splice bump_step3 bump_nobumpport) ssl_bump stare bump_step2 ssl_bump bump bump_step3 sslproxy_cert_error deny all ... _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
