You can also add this to lock down the proxy after hours so nothing is used. Much like locking a door, whatever is inside is going to keep working, i.e. connections already established; however, all new connections will be blocked. I love this one:

acl block_hours time 00:30-05:00
ssl_bump terminate all block_hours
http_access deny all block_hours

However, this is for use with SSL intercept and root certificates installed. It also works for spliced connections, as the terminate-everything line comes before everything else.

You can also, if you want to lock down to specific MAC addresses (i.e. a small office/home network), use eui_lookup on.

Example of use with MAC addresses:

acl splice_only src 192.168.1.8 #Tasha iPhone
acl splice_only src 192.168.1.10 #Jon iPhone
acl splice_only src 192.168.1.11 #Amazon Fire
acl splice_only src 192.168.1.15 #Tasha HP
acl splice_only src 192.168.1.16 #iPad

acl splice_only_mac arp (unique 48bit hardware address here)
acl splice_only_mac arp (unique 48bit hardware address here)
acl splice_only_mac arp (unique 48bit hardware address here)
acl splice_only_mac arp (unique 48bit hardware address here)
acl splice_only_mac arp (unique 48bit hardware address here)

acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/reg.url.nobump"
acl NoBumpDNS dstdomain "/usr/local/pkg/dns.nobump"

acl markBumped annotate_client bumped=true
acl active_use annotate_client active=true

acl bump_only src 192.168.1.3 #webtv
acl bump_only src 192.168.1.4 #toshiba
acl bump_only src 192.168.1.5 #imac
acl bump_only src 192.168.1.9 #macbook
acl bump_only src 192.168.1.13 #dell

acl bump_only_mac arp (unique 48bit hardware address here)
acl bump_only_mac arp (unique 48bit hardware address here)
acl bump_only_mac arp (unique 48bit hardware address here)
acl bump_only_mac arp (unique 48bit hardware address here)
acl bump_only_mac arp (unique 48bit hardware address here)

ssl_bump peek step1
miss_access deny no_miss active_use
ssl_bump splice https_login active_use
# (this works as "and logic" except my annotate active use)
ssl_bump splice splice_only_mac splice_only active_use
ssl_bump splice NoBumpDNS active_use
ssl_bump splice NoSSLIntercept active_use
ssl_bump bump bump_only_mac bump_only active_use
acl activated note active_use true
ssl_bump terminate !activated
acl markedBumped note bumped true
url_rewrite_access deny markedBumped
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
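
Added example (not part of the original post and not Squid project code): a small consistency check for a squid.conf excerpt like the one above, listing ACL names that access rules use but the excerpt does not define, and note ACLs whose annotation name no annotate_client ACL sets. The function name lint, the ACCESS and BUILTIN sets and the trimmed sample are assumptions made for this sketch; annotations can also come from helpers or the note directive, so the second list is a prompt to check, not a verdict.

```python
# Added example: lint a squid.conf excerpt for ACL wiring mistakes.
# SAMPLE_CONF is constructed from lines quoted in the post (trimmed).
SAMPLE_CONF = """
acl block_hours time 00:30-05:00
acl active_use annotate_client active=true
acl markBumped annotate_client bumped=true
acl bump_only src 192.168.1.3 #webtv
ssl_bump terminate all block_hours
http_access deny all block_hours
ssl_bump peek step1
ssl_bump bump bump_only active_use
acl activated note active_use true
ssl_bump terminate !activated
acl markedBumped note bumped true
url_rewrite_access deny markedBumped
"""

# Directives whose arguments are "<action> <acl> [<acl> ...]".
ACCESS = {"http_access", "ssl_bump", "miss_access", "url_rewrite_access"}
# ACLs Squid predefines (assumption: not an exhaustive list for every version).
BUILTIN = {"all", "manager", "localhost", "to_localhost"}

def lint(conf):
    defined, annotated, noted, used = set(BUILTIN), set(), {}, set()
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(tok) >= 3 and tok[0] == "acl":
            name, kind = tok[1], tok[2]
            args = [a for a in tok[3:] if not a.startswith("-")]  # skip flags like -i, -m
            defined.add(name)
            if kind == "annotate_client":
                # key=value or key+=value: keep only the annotation name
                annotated.update(a.split("=", 1)[0].rstrip("+") for a in args if "=" in a)
            elif kind == "note" and args:
                noted[name] = args[0]        # first argument is the annotation name
        elif tok and tok[0] in ACCESS:
            used.update(a.lstrip("!") for a in tok[2:])
    return {
        "undefined": sorted(used - defined),
        "unset_note_keys": {n: k for n, k in noted.items() if k not in annotated},
    }

if __name__ == "__main__":
    report = lint(SAMPLE_CONF)
    print("used but not defined in this excerpt:", report["undefined"])
    for acl, key in report["unset_note_keys"].items():
        print(f"note ACL {acl!r} reads key {key!r}, which no annotate_client ACL sets")
```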