Hi,
I'm new to Squid, and having trouble getting SSL filtering work.
I have a blanket block setup with Squid as Transparent proxy where access it
allowed only to github.com. But, squid generates certificates for IP address
instead of domain name and SSL validation fails.Squid version:
3.5.25-20170408-r14154When I use curl (I have imported my self signed SSL to
the certificate store)
curl: (51) SSL: certificate subject name (192.30.255.112) does not match target
host name 'github.com
How to configure properly to splice a whitelist and block all other domains.
Below is my current configurationhttp_port 3128
http_port 3129 intercept
https_port 3130intercept ssl-bump enerate-host-certificates=on
dynamic_cert_mem_cache_size=4MB
cert=/etc/squid/ssl_certs/myca.pem key=/etc/squid/ssl_certs/myca.pem
acl whitelist ssl::server_name .github.com
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump splice whitelist
ssl_bump bump all
Please help me fixing the issue.
thanks,Shan
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
