I would like to give my users the ability to "not bump" certain sites. I tried to use the examples given on the SSLPeekandSplice wiki page but can't get it to work.
This is a snippet of my squid.conf file.

    https_port 192.168.10.1:808 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/var/smoothwall/mods/proxy/ssl_cert/squidCA.pem
    http_port 192.168.20.1:800 intercept
    https_port 192.168.20.1:808 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/var/smoothwall/mods/proxy/ssl_cert/squidCA.pem
    http_port 127.0.0.1:800 intercept
    sslproxy_cert_error allow all
    sslproxy_flags DONT_VERIFY_PEER
    sslproxy_session_cache_size 4 MB
    acl serverIsBank dstdomain wellsfargo.com
    ssl_bump server-first all
    ssl_bump none localhostgreen
    ssl_bump none localhostpurple
    ssl_bump splice serverIsBank
    ssl_bump peek all
    ssl_bump bump all
    sslcrtd_program /var/smoothwall/mods/proxy/libexec/ssl_crtd -s /var/smoothwall/mods/proxy/lib/ssl_db -M 4MB
    sslcrtd_children 5

When I start squid I don't get any error messages and all pages, http and https, load properly. The problem is, using the example above, the https://www.wellsfargo.com website is still getting bumped, evidenced by the appearance of the ssl website in the web proxy access logs. When I don't have ssl_bump enabled then no https websites appear in the access logs, as it should be. But, enabling ssl_bump and peek and splice, web sites that I am trying not to bump still seem to be getting bumped.

Any suggestions on how to properly "not bump" certain websites?

Thanks,
Stan
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
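Squid checks ssl_bump rules in the order they are written and applies the first one that matches, so the order of the rules in the post can be checked mechanically. The Python check below is an added example, not part of the original message or of Squid; its function names are hypothetical, and it models only that first-match ordering, not Squid's full step-by-step processing.

```python
# Added example: find ssl_bump rules that can never be reached because an
# earlier rule applies a final action to every connection ("all").
FINAL_ACTIONS = {"splice", "bump", "terminate", "server-first", "client-first", "none"}
NON_FINAL_ACTIONS = {"peek", "stare"}  # these let evaluation continue at a later step

# The ssl_bump lines from the post, in their original order.
POSTED_RULES = """\
ssl_bump server-first all
ssl_bump none localhostgreen
ssl_bump none localhostpurple
ssl_bump splice serverIsBank
ssl_bump peek all
ssl_bump bump all
"""

def parse_ssl_bump(conf_text):
    """Return (line_no, action, acl_names) for each ssl_bump directive."""
    rules = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0] == "ssl_bump":
            rules.append((line_no, fields[1], fields[2:]))
    return rules

def unreachable_rules(conf_text):
    """Return [(shadowed_rule, shadowing_rule)] pairs, in file order."""
    findings = []
    catch_all = None
    seen_non_final = False
    for rule in parse_ssl_bump(conf_text):
        _, action, acls = rule
        if catch_all is not None:
            findings.append((rule, catch_all))
        elif action in NON_FINAL_ACTIONS:
            # After a peek/stare, later steps may skip some actions, so this
            # simplified model stops claiming that anything is unreachable.
            seen_non_final = True
        elif action in FINAL_ACTIONS and acls == ["all"] and not seen_non_final:
            catch_all = rule
    return findings

if __name__ == "__main__":
    for (line_no, action, acls), (by_line, by_action, _) in unreachable_rules(POSTED_RULES):
        print(f"rule {line_no} ({action} {' '.join(acls)}) is never reached: "
              f"rule {by_line} ({by_action} all) matches first")
```

Run against the posted rules, it reports that all five rules after `ssl_bump server-first all`, including `ssl_bump splice serverIsBank`, are never consulted.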