On 16/04/20 5:15 pm, shubham jain wrote:
> Hi,
>
> *Context*:
> I want to use Squid as a forward proxy, where I want to
> 1) send all the Image requests directly, presumably using request header
> 'accept'
> 2) send all other requests through a cache peer Proxy service
>
> The req_header directive is working fine for HTTP Requests, but not for
> HTTPS.
>
> I've done the setup for SSL Bump in here and that's giving decrypted
> HTTPS requests in the access.log as well.
>
> *Issue:*
> The req_header directive is not working on the decrypted HTTPS requests.
>
> *Squid.conf*
>
> # SSL Bump Port
> http_port 127.0.0.1:3128 ssl-bump
> cert=/usr/local/etc/cert/example.com.cert
> key=/usr/local/etc/cert/example.com.private
> generate-host-certificates=on version=1 options=SINGLE_DH_USE
>
> # SSL Bump Config
> acl step1 at_step SslBump1
> acl step2 at_step SslBump2
> acl step3 at_step SslBump3
>
> acl imageIsBlocked req_header accept -i image
>
> ssl_bump terminate imageIsBlocked #terminate is just for testing, to
> be replaced by splice
> ssl_bump bump all

Do the CONNECT tunnels' Accept headers contain "image"?

ssl_bump decides what to do during the TLS handshake process. For your
setup that is only the CONNECT requests.

Once decrypted, HTTPS is just HTTP with https:// URL schemes. It is
controlled by http_access and does not pass through ssl_bump rules again.

Amos
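
The point made in the reply above, as an added example that is not part of the original thread and is not Squid code: a small Python model that evaluates the thread's `imageIsBlocked` ACL against a CONNECT request and against the decrypted request inside the tunnel. Both sample requests, the host name and all function names are constructed for illustration.

```python
import re

# Constructed sample messages (not taken from the thread).
CONNECT_REQ = (
    "CONNECT img.example.com:443 HTTP/1.1\r\n"
    "Host: img.example.com:443\r\n"
    "User-Agent: demo-client\r\n\r\n"
)
BUMPED_REQ = (
    "GET /logo.png HTTP/1.1\r\n"
    "Host: img.example.com\r\n"
    "Accept: image/avif,image/webp,*/*;q=0.8\r\n\r\n"
)

def parse_headers(raw):
    """Return (method, {lower-cased header name: value}) for one request head."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    method = head[0].split(" ", 1)[0]
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, headers

def req_header_acl(headers, name, pattern):
    """Model of `acl X req_header <name> -i <pattern>`: case-insensitive regex
    search on the named header; a missing header never matches."""
    value = headers.get(name.lower())
    return value is not None and re.search(pattern, value, re.I) is not None

def evaluate(raw):
    """Return (seen_by_ssl_bump, imageIsBlocked_matches) for one request.
    Per the reply, only the CONNECT reaches the ssl_bump rules in this setup;
    the decrypted request does not pass through them again."""
    method, headers = parse_headers(raw)
    seen_by_ssl_bump = method == "CONNECT"
    return seen_by_ssl_bump, req_header_acl(headers, "accept", "image")

if __name__ == "__main__":
    for label, raw in (("CONNECT", CONNECT_REQ), ("decrypted GET", BUMPED_REQ)):
        print(label, evaluate(raw))
```

The only request the ssl_bump rules see carries no Accept header, so `ssl_bump terminate imageIsBlocked` never fires; the request that does match is the one the reply says is controlled by http_access.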