1. Compiled Squid 4.11 on Ubuntu 18 T3 EC2 instance:

    ./configure \
      --prefix=/usr \
      --exec-prefix=/usr \
      --bindir=/usr/bin \
      --sbindir=/usr/sbin \
      --libdir=/usr/lib \
      --libexecdir=/usr/libexec/squid \
      --includedir=/usr/include \
      --mandir=/usr/share/man \
      --infodir=/usr/share/info \
      --datadir=/usr/share/squid \
      --sysconfdir=/etc/squid \
      --localstatedir=/var \
      --sharedstatedir=/var/lib \
      --with-logdir=/var/log/squid \
      --with-pidfile=/var/run/squid.pid \
      --with-default-user=squid \
      --with-openssl \
      --enable-ssl \
      --enable-ssl-crtd

2. Initialized the ssl database:

    sudo /usr/libexec/squid/security_file_certgen -c -s /var/cache/squid/ssl_db -M 4MB

3. I've tried to read through a few similar posts, and got something reasonably working for the allowance, but now it's appearing to allow everything:

> /etc/squid/whitelist.txt

    *.github.com

> /etc/squid/squid.conf

    visible_hostname squid
    cache deny all

    # Handling HTTP requests
    http_port 3128
    http_port 3129 intercept
    acl allowed_http_sites dstdomain "/etc/squid/whitelist.txt"
    http_access allow allowed_http_sites

    # Handling HTTPS requests
    acl SSL_port port 443
    http_access allow SSL_port
    https_port 3130 intercept ssl-bump \
      cert=/etc/squid/ssl/squid.pem \
      # generate-host-certificates=on \ # Defaulted with 4.11
      dynamic_cert_mem_cache_size=16MB

    # HTTPS - Peek & Splice
    acl step1 at_step SslBump1
    acl step2 at_step SslBump2
    acl step3 at_step SslBump3

    # Alex R
    # 10.0.1.93 NONE_ABORTED/200 0 CONNECT 209.216.230.240:443 - HIER_NONE/- -
    # http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-4-6-Transparent-HTTP-amp-HTTPS-Proxy-td4687578.html
    #ssl_bump peek step1
    #ssl_bump peek step2 allowed_https_sites
    #ssl_bump terminate step2
    #ssl_bump splice all

    # Berger
    # 10.0.1.93 NONE_ABORTED/200 0 CONNECT 209.216.230.240:443 - HIER_NONE/- -
    # http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-4-1-transparent-https-issue-quot-curl-60-SSL-certificate-problem-self-signed-certificate-in-ce-td4688553.html
    #ssl_bump peek step1 all
    #ssl_bump peek step2 allowed_https_sites
    #ssl_bump splice step3 allowed_https_sites
    #ssl_bump terminate

    #dkanejs
    # 10.0.1.93 TCP_TUNNEL/200 25082 CONNECT 185.199.111.153:443
    # Allows https://example.com, https://github.com, but not https://news.ycombinator.com
    ssl_bump peek all
    acl allowed_https_sites ssl::server_name "/etc/squid/whitelist.txt"
    ssl_bump splice allowed_https_sites
    ssl_bump terminate all

    http_access deny all
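
A small Python model of how two of the ssl_bump rule sets in the post above are evaluated step by step, added here as an illustration; it is not code from the post or from Squid. It follows the ssl_bump documentation (every rule is checked at each step, actions impossible at that step are skipped, the first match wins), and it assumes the allowlist entry is written in Squid's leading-dot form `.github.com` and that the server name visible at each step is constructed sample input.

```python
# Added illustration (not Squid code): which ssl_bump rule wins at each step.
FINAL = {"splice", "bump", "terminate"}

def possible(action, step, prev):
    """Can `action` be applied at `step`, given the previous step's action?"""
    if action in ("peek", "stare"):
        return step in (1, 2)                  # nothing left to look at in step 3
    if step == 3 and action == "bump":
        return prev != "peek"                  # peeking at the server precludes bump
    if step == 3 and action == "splice":
        return prev != "stare"                 # staring precludes splice
    return action in FINAL

def domain_match(name, entry):
    """Leading-dot entry covers the domain itself and its subdomains."""
    if name is None:
        return False
    if entry.startswith("."):
        return name == entry[1:] or name.endswith(entry)
    return name == entry

def decide(rules, names, allow):
    """rules: [(action, [acl names])]; names: {step: server name known then}."""
    acls = {"all": lambda s: True,
            "step1": lambda s: s == 1,
            "step2": lambda s: s == 2,
            "step3": lambda s: s == 3,
            "allowed_https_sites":
                lambda s: any(domain_match(names.get(s), e) for e in allow)}
    prev, trace = None, []
    for step in (1, 2, 3):
        hit = next((a for a, conds in rules if possible(a, step, prev)
                    and all(acls[c](step) for c in conds)), None)
        trace.append((step, hit))
        if hit not in ("peek", "stare"):       # final action, or no rule matched
            return hit, trace                  # (None: Squid's default, not modelled)
        prev = hit

# Two of the rule sets from the post, transcribed as (action, ACLs) pairs.
ALEX_R = [("peek", ["step1"]), ("peek", ["step2", "allowed_https_sites"]),
          ("terminate", ["step2"]), ("splice", ["all"])]
DKANEJS = [("peek", ["all"]), ("splice", ["allowed_https_sites"]),
           ("terminate", ["all"])]
ALLOW = [".github.com"]                        # assumption: leading-dot form

def names_for(sni):
    """Constructed input: intercepted connection, no name until the client hello."""
    return {1: None, 2: sni, 3: sni}

if __name__ == "__main__":
    for label, rules in (("Alex R", ALEX_R), ("dkanejs", DKANEJS)):
        for host in ("api.github.com", "news.ycombinator.com"):
            print(label, host, decide(rules, names_for(host), ALLOW))
```

In this model the dkanejs rules only reach a verdict at step 3, after Squid has contacted the server, while the Alex R rules terminate a non-listed name at step 2.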