Could you direct me to those scripts? Also, am I understanding correctly that in this mode:

    acl blocklist dstdomain ...
    ssl_bump peek all
    ssl_bump splice blocklist
    ssl_bump terminate all

I will only need certs to display an error page from squid via ssl, but unblocked domains should be just fine?

I think it should be

    ssl_bump splice !blocklist

since blocklist is the list of domains that need blocking, so we don't need to splice them.

Oh, and one more thing, wouldn't dstdomain match something that was sent in the CONNECT request itself, instead of the SNI in the client hello if it is present?

--
HisShadow