Re: [squid-users] Checking SSL bump status in http_access

2016-08-18 Thread Alex Rousskov
On 08/18/2016 08:54 AM, Alex Rousskov wrote: > 1. Supported: HTTP request (including fake CONNECTs); To clarify, s/fake CONNECTs/a single fake CONNECT/ > 2. Supported: Client connection; > 3. Proposed: Compound transaction (e.g., all authenticatING requests > plus the first authenticatED reques

Re: [squid-users] Checking SSL bump status in http_access

2016-08-18 Thread Alex Rousskov
On 08/18/2016 03:18 AM, Steve Hill wrote: > On 17/08/16 17:18, Alex Rousskov wrote: >> This configuration problem should be at least partially addressed by the >> upcoming annotate_transaction ACLs inserted into ssl_bump rules: >> http://lists.squid-cache.org/pipermail/squid-dev/2016-July/006146.ht

Re: [squid-users] Checking SSL bump status in http_access

2016-08-18 Thread Steve Hill
On 17/08/16 00:12, Amos Jeffries wrote: Is there a way of figuring out if the current request is a bumped request when the http_access ACL is being checked? i.e. can we tell the difference between a GET request that is inside a bumped tunnel, and an unencrypted GET request? In Squid-3 a combo

Re: [squid-users] Checking SSL bump status in http_access

2016-08-18 Thread Steve Hill
On 17/08/16 17:18, Alex Rousskov wrote: This configuration problem should be at least partially addressed by the upcoming annotate_transaction ACLs inserted into ssl_bump rules: http://lists.squid-cache.org/pipermail/squid-dev/2016-July/006146.html That looks good. When implementing this, bew

Re: [squid-users] Checking SSL bump status in http_access

2016-08-17 Thread Alex Rousskov
On 08/16/2016 05:12 PM, Amos Jeffries wrote: > On 17/08/2016 2:22 a.m., Steve Hill wrote: >> Is there a way of figuring out if the current request is a bumped >> request when the http_access ACL is being checked? i.e. can we tell the >> difference between a GET request that is inside a bumped tunn

Re: [squid-users] Checking SSL bump status in http_access

2016-08-16 Thread Amos Jeffries
On 17/08/2016 2:22 a.m., Steve Hill wrote: > > Is there a way of figuring out if the current request is a bumped > request when the http_access ACL is being checked? i.e. can we tell the > difference between a GET request that is inside a bumped tunnel, and an > unencrypted GET request? > In Sq

[squid-users] Checking SSL bump status in http_access

2016-08-16 Thread Steve Hill
Is there a way of figuring out if the current request is a bumped request when the http_access ACL is being checked? i.e. can we tell the difference between a GET request that is inside a bumped tunnel, and an unencrypted GET request? -- - Steve Hill Technical Director Opendium Limit