-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf
Of FredB
Sent: Thursday, February 2, 2017 1:38 PM
Cc: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] SSL_bump and source IP
Thanks Eliezer
Unfortunately my "lan" is huge, many thousands of people, and MAC add
>
> acl tls_s1_connect at_step SslBump1
>
> acl tls_vip_usersfill-in-your-details
>
> ssl_bump splicetls_vip_users # do not peek/bump vip users
> ssl_bump peek tls_s1_connect # peek at connections of other
> users
> ssl_bump stare all# peek
The terminology may be confusing:
ssl_bump means more or less "looking at HTTPS traffic"
ssl_bump splice means "do not bump/intercept HTTPS traffic. No fake CA certificates
are used"
ssl_bump bumpmeans "bump/intercept HTTPS traffic and use a fake CA
certificate"
So the question is
I am with you on this. Unfortunately, the way a certain subject turns out
not easy for someone in school, so does ssl_bump to me!
On 2 February 2017 at 14:37, FredB wrote:
> Thanks Eliezer
>
> Unfortunately my "lan" is huge, many thousands of people, and MAC
> addresses are not known
> I'm very
Thanks Eliezer
Unfortunately my "lan" is huge, many thousands of people, and MAC addresses are
not known
I'm very surprised, I'm alone with this ? Nobody needs to exclude some users
from SSLBump ?
Fredb
___
squid-users mailing list
squid-users@lists.
quid-users-boun...@lists.squid-cache.org] On Behalf
Of FredB
Sent: Thursday, February 2, 2017 10:03 AM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] SSL_bump and source IP
So how I can manage computers without my CA ? (eg: laptop temporary connected)
In my situation I
So how I can manage computers without my CA ? (eg: laptop temporary connected)
In my situation I have also some smartphones in some case, connected to my
squids, how I can exclude them from SSLBump ?
I have already some ACL based on authentication (user azerty = with/without
some rules)
FredB
On 12/01/2017 1:04 a.m., FredB wrote:
>
>> but not all requests from a specific source
>
>> what do you mean here?
>
> I mean no ssl-bump at all for a specific user, no matter the destinations
> I tried some acl without success
At the time of bumping Squid has no idea what a "user" is and thing
> but not all requests from a specific source
> what do you mean here?
I mean no ssl-bump at all for a specific user, no matter the destinations
I tried some acl without success
>>, maybe because I'm using x-forwarded ?
> x-forwarded-for has nothing to do with this
There is a known bug with s
On 11.01.17 11:37, FredB wrote:
I'm searching a way to exclude an user (account) or an IP from my lan
I can exclude a destination domain to decryption with SSL_bump
simply define an ACL and deny bumping it.
but not all requests from a specific source
what do you mean here?
, maybe because
Hello,
I'm searching a way to exclude an user (account) or an IP from my lan
I can exclude a destination domain to decryption with SSL_bump but not all
requests from a specific source, maybe because I'm using x-forwarded ?
Thanks
Fred
___
squid-use
11 matches
Mail list logo
