On 20/02/20 1:35 am, AndyBinder wrote:
>
> Currently I have 2 working bumping configurations (Squid 4.9):
>
> 1. Splice everything (working for blacklisting http and https sites without
> Bumping)
>
> ssl_bump peek bump_step1 all
> ssl_bump splice all

Following lines are unreachable. You can just erase them from the config.

PS. Also you do not need the 'all' ACL on that first line.

> ssl_bump peek bump_step2 all
> ssl_bump splice bump_step3 all
> ssl_bump bump
>
> 2. Bump everything except bump_nobumpsites
>
> ssl_bump peek bump_step1 all
> ssl_bump peek bump_step2 bump_nobumpsites
> ssl_bump splice bump_step3 bump_nobumpsites
> ssl_bump stare bump_step2
> ssl_bump bump bump_step3
>
> Now I try to combine both of them into one configuration and want to decide
> whether bumping or splicing via the nametag of the port (=acl
> bump_nobumpport).
>
> Final wanted situation in words:
>
> Bump everything except bump_nobumpsites and bump_nobumpports, but the SNI must
> be visible to match against blacklisted urls.

How important is that word "and" in your policy statement?

The config earlier used an OR condition:

  ssl_bump peek bump_step2 bump_nobumpsites
  ssl_bump peek bump_step2 bump_nobumpport

This would be an AND condition:

  ssl_bump peek bump_step2 bump_nobumpport bump_nobumpsites

>
> @Alex: I tried your configuration examples but the blacklisted urls won't match
> on https sites.

If you are matching *URLs* that is the problem. Only the domain name is
available during ssl_bump checks. The URL only appears after bumping, and
only from http_access onwards.

Amos
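The OR/AND distinction and the unreachable lines discussed in the message above, as an added example that is not part of the original post and is not Squid code. It is a toy model that assumes a rule matches when all ACLs on its line are true and that the first matching line wins; the function names are hypothetical, and Squid's skipping of actions that are impossible at a given step is not modelled.

```python
# Toy model of how ACL lists on ssl_bump lines combine (not Squid code).
# Assumptions: a rule matches when ALL of its ACLs are true for the
# connection; rules are tried top to bottom and the first match wins.

def parse(config):
    """Turn 'ssl_bump <action> <acl>...' lines into (action, acl_set) pairs."""
    rules = []
    for line in config.strip().splitlines():
        words = line.split()
        if len(words) < 2 or words[0] != "ssl_bump":
            continue
        # 'all' always matches, so it adds nothing to the condition.
        rules.append((words[1], frozenset(words[2:]) - {"all"}))
    return rules

def first_match(rules, true_acls):
    """Return the action of the first rule whose ACLs are all true, else None."""
    for action, acls in rules:
        if acls <= true_acls:
            return action
    return None

def unreachable(rules):
    """Indexes of rules shadowed by an earlier rule with a subset of their ACLs."""
    return [i for i, (_, acls) in enumerate(rules)
            if any(prev <= acls for _, prev in rules[:i])]

# The two forms from the reply above.
OR_FORM = """
ssl_bump peek bump_step2 bump_nobumpsites
ssl_bump peek bump_step2 bump_nobumpport
"""
AND_FORM = "ssl_bump peek bump_step2 bump_nobumpport bump_nobumpsites"

# The first quoted configuration, all five lines.
SPLICE_ALL = """
ssl_bump peek bump_step1 all
ssl_bump splice all
ssl_bump peek bump_step2 all
ssl_bump splice bump_step3 all
ssl_bump bump
"""

if __name__ == "__main__":
    conn = {"bump_step2", "bump_nobumpport"}  # constructed: port matches, site does not
    print("OR form :", first_match(parse(OR_FORM), conn))
    print("AND form:", first_match(parse(AND_FORM), conn))
    print("unreachable rule indexes:", unreachable(parse(SPLICE_ALL)))
```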