On 5/28/20 3:19 AM, Antonino Gianfranco Sanacori wrote: > I have a 4.6 server Squid, i want to configure it for to permit the free > access, with http and https, to some ip address to my users. > I have read that i can use ssl_bump splice acl, then i can configure in > this way? You do not need SslBump if you only need to block by the destination IP address. > acl list dstdomain "file.acl" FYI: You said "to some ip address", but the dstdomain ACL is using domain names. Squid can try to reverse-lookup destination IP addresses (to match them to the provided domain names), but DNS reverse lookups are often unreliable. If you can indeed block by the destination IP address, then consider using the "dst" ACL instead. The "dst" ACL may also require (forward) DNS lookups, but they are often more reliable. > https_access allow list There is no https_access directive. HTTPS (and FTP) traffic uses the (arguably misnamed) http_access directive. Please note that the configuration snippet you posted does not cover the "my users" part of your requirement summary. It also allows establishing TCP tunnels to arbitrary ports (on the allowed destination addresses). Most likely, you want neither. HTH, Alex. > acl list dstdomain "file.acl" > ssl_bump splice list > http_access allow list > https_access allow list _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
