Yuri thanks again. I'm going to give it a try and post my results.
Alejandro 2016-01-05 11:57 GMT-03:00 Yuri Voinov <yvoi...@gmail.com>: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > You can write it easy ;) > > Please note: > > 1. AFAIK, splice rule must be preceded by bump rule in your config. > 2. You can use ssl::server_name_regex or ssl::server_name for a decision > 3. In most cases your users must have your cache CA's when cache cannot > splice > > Config snippet, for example, will looks like this: > > # SSL bump rules 1 > acl step1 at_step SslBump1 > acl Splice_Only ssl::server_name_regex -i > "/usr/local/squid/etc/google_sites" > ssl_bump splice Splice_Only > ssl_bump peek step1 > ssl_bump bump all > > Note: This snippet will bump all others, and tunnel Splice_Only acl sites. > > # SSL bump rules 2 > acl step1 at_step SslBump1 > ssl_bump peek step1 > acl Splice_Only ssl::server_name_regex -i > "/usr/local/squid/etc/google_sites" > ssl_bump splice Splice_Only > ssl_bump bump all > > Note: This snippet will peek all, splice Splice_Only acl, and bump all > others. > > Amos, Alex, > > correct me if I somewhere wrong. > > WBR, Yuri > > PS. Also note: you must adjust https_port and/or other SSL options for > harden your cache's TLS connections to avoid other Chrome security > warnings. For example, avoid using SHA1 in your cache's CA, configure EDH > ciphers for outgoing _and_ client-to-cache connections, suppress using > SSLv2/SSLv3 (but keep in mind: you have _much_ old clients, like IM, which > is hardcoded to use SSLv2/SSLv3 and you will got warnings/errors in your > cache.log about it). > > 05.01.16 18:51, Alejandro Martinez пишет: > > > I all > > I'm still lost, can I ask for a minimal working config splicing > google.com > > sites ? > > > > I have made some additional checks (blocking QUIC), but with no lunk. > > > > I'm thinking creating an external helper that receives via > ssl::server_name > > and make a decision there, but if there is a chance with a simple text > file > > would appreciate that. > > > > Thanks. > > > > > > 2016-01-04 9:52 GMT-03:00 Alejandro Martinez <ajm.marti...@gmail.com> > <ajm.marti...@gmail.com>: > > > >> Thanks all for your help. > >> > >> Is there a minimal config example to see splicing correctly Google > sites? > >> > >> It would be very helpful. > >> El 04/01/2016 09:28, "Amos Jeffries" <squ...@treenet.co.nz> > <squ...@treenet.co.nz> escribió: > >> > >>> On 4/01/2016 1:16 p.m., Alejandro Martinez wrote: > >>>> Thanks again Yuri. > >>>> > >>>> I have tried blocking udp protocol on port 80 and 443 but without > luck. > >>> > >>> That does not help resolve the errors Chrome is displaying when using > >>> the proxy. It does help resolve the errors that happen by Chrome trying > >>> to bypass the proxy by using the proprietary QUIC protocol. > >>> > >>>> > >>>> Is it possible to make google sites work in transparent mode without > >>>> bumping ? only splicing ? > >>>> > >>> > >>> Of course. That is the purpose of splice. Bumping is optional. > >>> > >>> Amos > >>> _______________________________________________ > >>> squid-users mailing list > >>> squid-users@lists.squid-cache.org > >>> http://lists.squid-cache.org/listinfo/squid-users > >>> > >> > > > > > > > > _______________________________________________ > > squid-users mailing list > > squid-users@lists.squid-cache.org > > http://lists.squid-cache.org/listinfo/squid-users > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJWi9nXAAoJENNXIZxhPexG/FsH/21aB4HVW1VEBlHBpebgDllX > qNrMndyVNohyne9vloFOafl5Vs0IqhVQVMU1AJrLvXXNhTzRa2vSrud/xgi62AZ4 > 3C7V6OI+m+qfPXyjMjuyVZm2hkofUXBKn518ZzyjiV89Qzlr24FQv41v8j7ebYZo > Jn3YLk7FsSnZ/2q8zSERsXARr9OxBW6JJqlHDBF4FbUrDSRs67UAvJyrcDccNB1i > b539GdUHGGljftY2O1xpgSHBUelylWTWtfgE1qYKfTYoXqb3yhI3VkBx3+0AgCNY > 3VJIwn5TU+j98rz3r7sd7re8KPtssY5jukVo1drLkSm9w1HOxL5kiLJ/MP+MnEg= > =S2qK > -----END PGP SIGNATURE----- > > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
