Have you checked https://www.squid-cache.org/Doc/config/logformat/ ? There is a note about "logformat referrer", it should be what you are looking for
On Wed, Apr 10, 2024 at 10:16 PM Bobby Matznick <bmatzn...@pbandt.bank> wrote: > Question about squid, Debian version 4.13. Looking for a way to log > referer’s. I see the way that worked up until version 4, seems this does > not work anymore. I’m having some trouble finding if anything replaced it > or if there’s another way to go about this? Here is the old way. > > referrer_log /pathname > > > > Thanks for any help you can provide! > > > > Bobby > > > > *From:* squid-users <squid-users-boun...@lists.squid-cache.org> *On > Behalf Of *squid-users-requ...@lists.squid-cache.org > *Sent:* Friday, April 5, 2024 6:00 AM > *To:* squid-users@lists.squid-cache.org > *Subject:* [External] squid-users Digest, Vol 116, Issue 7 > > > > *Caution:* This is an external email and has a suspicious subject or > content. Please take care when clicking links or opening attachments. When > in doubt, contact your IT Department > > Send squid-users mailing list submissions to > squid-users@lists.squid-cache.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.squid-cache.org/listinfo/squid-users > or, via email, send a message with subject or body 'help' to > squid-users-requ...@lists.squid-cache.org > > You can reach the person managing the list at > squid-users-ow...@lists.squid-cache.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of squid-users digest..." > > > Today's Topics: > > 1. Re: Squid cache questions (Amos Jeffries) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Fri, 5 Apr 2024 14:17:16 +1300 > From: Amos Jeffries <squ...@treenet.co.nz> > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] Squid cache questions > Message-ID: <bef43696-be7f-463b-b82e-d4346abba...@treenet.co.nz> > Content-Type: text/plain; charset=UTF-8; format=flowed > > On 4/04/24 17:48, Jonathan Lee wrote: > > Is there any particular order to squid configuration?? > > > > Yes. <https://wiki.squid-cache.org/SquidFaq/OrderIsImportant> > > > > Does this look correct? > > > > Best way to find out is to run "squid -k parse", which should be done > after upgrades as well to identify and fix changes between versions as > we improve the output. > > > > I actually get allot of hits and it functions amazing, so I wanted to > > share this in case I could improve something. Is there any issues with > > security? > > Yes, the obvious one is "DONT_VERIFY_PEER" disabling TLS security > entirely on outbound connections. That particular option will prevent > you even being told about suspicious activity regarding TLS. > > Also there are a few weird things in your TLS cipher settings, such as > this sequence " EECDH+aRSA+RC4:...:!RC4 " > Which as I understand, enables the EECDH with RC4 hash, but also > forbids all uses of RC4. > > > > I am concerned that an invasive container could become > > installed in the cache and data marshal the network card. > > > > You have a limit of 4 MB for objects allowed to pass through this proxy, > exception being objects from domains listed in the "windowsupdate" ACL > (not all Windows related) which are allowed up to 512 MB. > > For the general case, any type of file which can store an image of some > system is a risk for that type of vulnerability can be cached. > > The place to fix that vulnerability properly is not the cache or Squid. > It is the OS permissions allowing non-Squid software access to the cache > files and/or directory. > > > > > Here is my config > > > > # This file is automatically generated by pfSense > > # Do not edit manually ! > > Since this file is generated by pfsense there is little that can be done > about ordering issues and very hard to tell which of the problems below > are due to pfsense and which due toy your settings. > > FWIW, there are no major issues, just some lines not being necessary due > to setting things to their default values, or just some blocks already > denyign things that are blocked previously. > > > > > > http_port 192.168.1.1:3128 ssl-bump generate-host-certificates=on > dynamic_cert_mem_cache_size=20MB cert=/usr/local/etc/squid/serverkey.pem > cafile=/usr/local/share/certs/ca-root-nss.crt > capath=/usr/local/share/certs/ > cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS > tls-dh=prime256v1:/etc/dh-parameters.2048 > options=NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE > > > > http_port 127.0.0.1:3128 intercept ssl-bump > generate-host-certificates=on dynamic_cert_mem_cache_size=20MB > cert=/usr/local/etc/squid/serverkey.pem > cafile=/usr/local/share/certs/ca-root-nss.crt > capath=/usr/local/share/certs/ > cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS > tls-dh=prime256v1:/etc/dh-parameters.2048 > options=NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE > > > > https_port 127.0.0.1:3129 intercept ssl-bump > generate-host-certificates=on dynamic_cert_mem_cache_size=20MB > cert=/usr/local/etc/squid/serverkey.pem > cafile=/usr/local/share/certs/ca-root-nss.crt > capath=/usr/local/share/certs/ > cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS > tls-dh=prime256v1:/etc/dh-parameters.2048 > options=NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE > > > > icp_port 0 > > digest_generation off > > dns_v4_first on > > pid_filename /var/run/squid/squid.pid > > cache_effective_user squid > > cache_effective_group proxy > > error_default_language en > > icon_directory /usr/local/etc/squid/icons > > visible_hostname **** > > cache_mgr **** > > access_log /var/squid/logs/access.log > > cache_log /var/squid/logs/cache.log > > cache_store_log none > > netdb_filename /var/squid/logs/netdb.state > > pinger_enable on > > pinger_program /usr/local/libexec/squid/pinger > > sslcrtd_program /usr/local/libexec/squid/security_file_certgen -s > /var/squid/lib/ssl_db -M 4MB -b 2048 > > tls_outgoing_options cafile=/usr/local/share/certs/ca-root-nss.crt > > tls_outgoing_options capath=/usr/local/share/certs/ > > tls_outgoing_options options=NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE > > tls_outgoing_options > cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS > > tls_outgoing_options flags=DONT_VERIFY_PEER > > sslcrtd_children 10 > > > > logfile_rotate 0 > > debug_options rotate=0 > > shutdown_lifetime 3 seconds > > # Allow local network(s) on interface(s) > > acl localnet src 192.168.1.0/27 > > forwarded_for transparent > > httpd_suppress_version_string on > > uri_whitespace strip > > > > acl getmethod method GET > > > > acl windowsupdate dstdomain windowsupdate.microsoft.com > > acl windowsupdate dstdomain .update.microsoft.com > > acl windowsupdate dstdomain download.windowsupdate.com > > acl windowsupdate dstdomain redir.metaservices.microsoft.com > > acl windowsupdate dstdomain images.metaservices.microsoft.com > > acl windowsupdate dstdomain c.microsoft.com > > acl windowsupdate dstdomain www.download.windowsupdate.com > > acl windowsupdate dstdomain wustat.windows.com > > acl windowsupdate dstdomain crl.microsoft.com > > acl windowsupdate dstdomain sls.microsoft.com > > acl windowsupdate dstdomain productactivation.one.microsoft.com > > acl windowsupdate dstdomain ntservicepack.microsoft.com > > acl windowsupdate dstdomain dc1-st.ksn.kaspersky-labs.com > > acl windowsupdate dstdomain dc1-file.ksn.kaspersky-labs.com > > acl windowsupdate dstdomain dc1.ksn.kaspersky-labs.com > > > > acl rewritedoms dstdomain .facebook.com .akamaihd.net .fbcdn.net . > google.com .static.com .apple.com .oracle.com .sun.com .java.com . > adobe.com .steamstatic.com .steampowered.com .steamcontent.com .google.com > > > > store_id_program /usr/local/libexec/squid/storeid_file_rewrite > /var/squid/storeid/storeid_rewrite.txt > > store_id_children 10 startup=5 idle=1 concurrency=0 > > always_direct allow !getmethod > > store_id_access deny connect > > store_id_access deny !getmethod > > store_id_access allow rewritedoms > > reload_into_ims on > > max_stale 20 years > > minimum_expiry_time 0 > > > > > I am not sure how many of these refresh_pattern rules below are written > by you, copy-pasted from elsewhere, or added automatically by pfsense. > So how you need to fix the problems here is uncertain. > > That said, please consider removing all these override-* and ignore-*. > <http://www.squid-cache.org/Doc/config/refresh_pattern/> > > > > > > refresh_pattern -i squid.internal 10080 80% 79900 override-lastmod > override-expire ignore-reload ignore-no-store ignore-must-revalidate > ignore-private ignore-auth > > > > #APPLE STUFF > > refresh_pattern -i > > apple.com/..(cab|exe|msi|msu|msf|asf|wmv|wma|dat|zip|dist)$ > 0 80% 43200 refresh-ims > > > > #apple update > > refresh_pattern -i (download|adcdownload)apple.com/.*.(pkg|dmg) 4320 > 100% 43200 > > refresh_pattern -i appldnld.apple.com 129600 100% 129600 > > refresh_pattern -i phobos.apple.com 129600 100% 129600 > > refresh_pattern -i iosapps.itunes.apple.com 129600 100% 129600 > > > > # Updates: Windows > > refresh_pattern -i microsoft.com/..(cab|exe|msi|msu|msf|asf|wma|dat|zip)$ > 4320 80% 43200 refresh-ims > > refresh_pattern -i > > windowsupdate.com/..(cab|exe|msi|msu|msf|asf|wma|wmv)|dat|zip)$ > 4320 80% 43200 refresh-ims > > refresh_pattern -i windows.com/..(cab|exe|msi|msu|msf|asf|wmv|wma|dat|zip)$ > 4320 80% 43200 refresh-ims > > refresh_pattern -i > > microsoft.com/.*.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) > 4320 80% 43200 > > refresh_pattern -i > > windowsupdate.com/.*.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) > 4320 80% 43200 > > refresh_pattern -i windows.com/.*.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) > 4320 80% 43200 > > refresh_pattern -i .*windowsupdate.com/.*.(cab|exe) 259200 100% 259200 > > refresh_pattern -i .*update.microsoft.com/.*.(cab|exe|dll|msi|psf) > 259200 100% 259200 > > refresh_pattern windowsupdate.com/.*.(cab|exe|dll|msi|psf) 10080 100% > 43200 > > refresh_pattern download.microsoft.com/.*.(cab|exe|dll|msi|psf) 10080 > 100% 43200 > > refresh_pattern www.microsoft.com/.*.(cab|exe|dll|msi|psf) 10080 100% > 43200 > > refresh_pattern au.download.windowsupdate.com/.*.(cab|exe|dll|msi|psf) > 4320 100% 43200 > > refresh_pattern bg.v4.pr.dl.ws.microsoft.com/.*.(cab|exe|dll|msi|psf) > 4320 100% 43200 > > #windows update NEW UPDATE 0.04 > > refresh_pattern update.microsoft.com/.*.(cab|exe) 43200 100% 129600 > > refresh_pattern > ([^.]+.)?(download|(windows)?update).(microsoft.)?com/.*.(cab|exe|msi|msp|psf) > 4320 100% 43200 > > refresh_pattern update.microsoft.com/.*.(cab|exe|dll|msi|psf) 10080 > 100% 43200 > > refresh_pattern -i > > update.microsoft.com/.*.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) > 525600 100% 525600 > > refresh_pattern -i > > windowsupdate.com/.*.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) > 525600 100% 525600 > > refresh_pattern -i > > download.microsoft.com/.*.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) > 525600 100% 525600 > > refresh_pattern -i > > ws.microsoft.com/.*.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) > 525600 100% 525600 > > > > refresh_pattern > ([^.]+.)?(cs|content[1-9]|hsar|content-origin|client-download).[steampowered|steamcontent].com/.*.* > 43200 100% 43200 reload-into-ims ignore-reload ignore-no-store > override-expire override-lastmod > > refresh_pattern ([^.]+.)?akamai.steamstatic.com/.*.* 43200 100% 43200 > reload-into-ims ignore-reload ignore-no-store override-expire > override-lastmod > > > > refresh_pattern -i ([^.]+.)?adobe.com/.*.(zip|exe) 43200 100% 43200 > reload-into-ims ignore-reload ignore-no-store override-expire > override-lastmod > > refresh_pattern -i ([^.]+.)?java.com/.*.(zip|exe) 43200 100% 43200 > reload-into-ims ignore-reload ignore-no-store override-expire > override-lastmod > > refresh_pattern -i ([^.]+.)?sun.com/.*.(zip|exe) 43200 100% 43200 > reload-into-ims ignore-reload ignore-no-store override-expire > override-lastmod > > refresh_pattern -i ([^.]+.)?oracle.com/.*.(zip|exe|tar.gz) 43200 100% > 43200 reload-into-ims ignore-reload ignore-no-store override-expire > override-lastmod > > > > refresh_pattern -i appldnld.apple.com 43200 100% 43200 ignore-reload > ignore-no-store override-expire override-lastmod > > refresh_pattern -i ([^.]+.)?apple.com/.*.(ipa) 43200 100% 43200 > ignore-reload ignore-no-store override-expire override-lastmod > > > > refresh_pattern -i ([^.]+.)?google.com/.*.(exe|crx) 10080 80% 43200 > override-expire override-lastmod ignore-no-cache ignore-reload > reload-into-ims ignore-private > > refresh_pattern -i ([^.]+.)?g.static.com/.*.(exe|crx) 10080 80% 43200 > override-expire override-lastmod ignore-no-cache ignore-reload > reload-into-ims ignore-private > > > > #FACEBOOK > > refresh_pattern ^http?://*facebook.com/* 10080 80% 43200 > override-expire override-lastmod ignore-no-cache ignore-reload > reload-into-ims ignore-private > > > > #FACEBOOK IMAGES > > refresh_pattern -i pixel.facebook.com..(jpg|png|gif|ico|css|js) 10080 > 80% 43200 override-expire override-lastmod ignore-no-cache ignore-reload > reload-into-ims ignore-private > > refresh_pattern -i .akamaihd.net..(jpg|png|gif|ico|css|js) 10080 80% > 43200 override-expire override-lastmod ignore-no-cache ignore-reload > reload-into-ims ignore-private > > refresh_pattern -i (facebook.com).(jpg|png|gif) 10080 80% 43200 > store-stale override-expire override-lastmod ignore-no-cache ignore-reload > reload-into-ims ignore-private > > refresh_pattern static.(xx|ak).fbcdn.net.(jpg|gif|png) 10080 80% 43200 > override-expire override-lastmod ignore-no-cache ignore-reload > reload-into-ims ignore-private > > refresh_pattern ^https?://profile.ak.fbcdn.net*.(jpg|gif|png) 10080 80% > 43200 override-expire override-lastmod ignore-no-cache ignore-reload > reload-into-ims ignore-private > > > > #FACEBOOK VIDEO > > refresh_pattern -i .video.ak.fbcdn.net.*.(mp4|flv|mp3|amf) 10080 80% > 43200 override-expire override-lastmod ignore-no-cache ignore-reload > reload-into-ims ignore-private > > refresh_pattern (audio|video)/(webm|mp4) 10080 80% 43200 override-expire > override-lastmod ignore-no-cache ignore-reload reload-into-ims > ignore-private > > > > > > range_offset_limit 512 MB windowsupdate > > maximum_object_size 512 MB windowsupdate > > range_offset_limit 0 > > quick_abort_min -1 KB > > > > cache_mem 64 MB > > maximum_object_size_in_memory 256 KB > > memory_replacement_policy heap LFUDA > > cache_replacement_policy heap LFUDA > > minimum_object_size 0 KB > > maximum_object_size 4 MB > > cache_dir diskd /var/squid/cache 64000 256 256 > > offline_mode off > > cache_swap_low 90 > > cache_swap_high 95 > > acl donotcache dstdomain '/var/squid/acl/donotcache.acl' > > cache deny donotcache > > cache allow all > > # Add any of your own refresh_pattern entries above these. > > refresh_pattern ^ftp: 1440 20% 10080 > > refresh_pattern ^gopher: 1440 0% 1440 > > refresh_pattern -i (/cgi-bin/|?) 0 0% 0 > > refresh_pattern . 0 20% 4320 > > > > > > #Remote proxies > > > > > > # Setup some default acls > > # ACLs all, manager, localhost, and to_localhost are predefined. > > acl allsrc src all > > acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 8080 > 3128 3129 1025-65535 > > acl sslports port 443 563 8080 5223 2197 > > > > acl purge method PURGE > > acl connect method CONNECT > > > > # Define protocols used for redirects > > acl HTTP proto HTTP > > acl HTTPS proto HTTPS > > > > # SslBump Peek and Splice > > # http://wiki.squid-cache.org/Features/SslPeekAndSplice > > # http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit > > # Match against the current step during ssl_bump evaluation [fast] > > # Never matches and should not be used outside the ssl_bump context. > > # > > # At each SslBump step, Squid evaluates ssl_bump directives to find > > # the next bumping action (e.g., peek or splice). Valid SslBump step > > # values and the corresponding ssl_bump evaluation moments are: > > # SslBump1: After getting TCP-level and HTTP CONNECT info. > > # SslBump2: After getting TLS Client Hello info. > > # SslBump3: After getting TLS Server Hello info. > > # These ACLs exist even when 'SSL/MITM Mode' is set to 'Custom' so that > > # they can be used there for custom configuration. > > acl step1 at_step SslBump1 > > acl step2 at_step SslBump2 > > acl step3 at_step SslBump3 > > acl banned_hosts src '/var/squid/acl/banned_hosts.acl' > > acl whitelist dstdom_regex -i '/var/squid/acl/whitelist.acl' > > acl blacklist dstdom_regex -i '/var/squid/acl/blacklist.acl' > > http_access allow manager localhost > > > > # Allow external cache managers > > acl ext_manager src 192.168.1.1 > > acl ext_manager src 127.0.0.1 > > http_access allow manager ext_manager > > > > http_access deny manager > > http_access allow purge localhost > > http_access deny purge > > http_access deny !safeports > > http_access deny CONNECT !sslports > > > > # Always allow localhost connections > > http_access allow localhost > > > > quick_abort_min 0 KB > > quick_abort_max 0 KB > > quick_abort_pct 95 > > request_body_max_size 0 KB > > delay_pools 1 > > delay_class 1 2 > > delay_parameters 1 -1/-1 -1/-1 > > delay_initial_bucket_level 100 > > delay_access 1 allow allsrc > > > > # Reverse Proxy settings > > > > deny_info TCP_RESET allsrc > > > > # Package Integration > > url_rewrite_program /usr/local/bin/squidGuard -c > /usr/local/etc/squidGuard/squidGuard.conf > > url_rewrite_bypass off > > url_rewrite_children 32 startup=8 idle=4 concurrency=0 > > > > Squidguard is very outdated. You should upgrade to its successor > ufdbguard if possible. > > > > > # Custom options before auth > > #host_verify_strict on > > > > # These hosts are banned > > http_access deny banned_hosts > > # Always allow access to whitelist domains > > http_access allow whitelist > > # Block access to blacklist domains > > http_access deny blacklist > > # List of domains allowed to logging in to Google services > > request_header_access X-GoogApps-Allowed-Domains deny all > > request_header_add X-GoogApps-Allowed-Domains consumer_accounts > > # Set YouTube safesearch restriction > > acl youtubedst dstdomain -n www.youtube.com m.youtube.com > youtubei.googleapis.com youtube.googleapis.com www.youtube-nocookie.com > > request_header_access YouTube-Restrict deny all > > request_header_add YouTube-Restrict none youtubedst > > acl sglog url_regex -i sgr=ACCESSDENIED > > http_access deny sglog > > # Custom SSL/MITM options before auth > > acl manager proto cache_object > > acl localhost src 192.168.1.1/32 > > #cachemgr_passwd disable offline_toggle reconfigure shutdown > > #cachemgr_passwd secret all > > acl https_login url_regex -i ^https.*(login|Login).* > > acl no_miss url_regex -i ^.*gateway.facebook.com/ws/realtime? > > acl no_miss url_regex -i ^.*web-chat-e2ee.facebook.com/ws/chat > > acl CONNECT method CONNECT > > acl wuCONNECT dstdomain www.update.microsoft.com > > acl wuCONNECT dstdomain sls.microsoft.com > > http_access allow CONNECT wuCONNECT localnet > > http_access allow CONNECT wuCONNECT localhost > > http_access allow windowsupdate localnet > > http_access allow windowsupdate localhost > > http_access deny manager > > > > acl BrokenButTrustedServers dstdomain '/usr/local/pkg/dstdom.broken' > > acl DomainMismatch ssl_error SQUID_X509_V_ERR_DOMAIN_MISMATCH > > sslproxy_cert_error allow BrokenButTrustedServers DomainMismatch > > sslproxy_cert_error deny all > > > > acl splice_only src 192.168.1.8 #Tasha iPhone > > acl splice_only src 192.168.1.10 #Jon iPhone > > acl splice_only src 192.168.1.11 #Amazon Fire > > acl splice_only src 192.168.1.15 #Tasha HP > > acl splice_only src 192.168.1.16 #iPad > > > > acl NoSSLIntercept ssl::server_name_regex -i '/usr/local/pkg/url.nobump' > > > > acl markBumped annotate_client bumped=true > > acl bump_only src 192.168.1.3 #webtv > > acl bump_only src 192.168.1.4 #toshiba > > acl bump_only src 192.168.1.5 #imac > > acl bump_only src 192.168.1.9 #macbook > > acl bump_only src 192.168.1.13 #dell > > > > You have a previous "cache allow all". This below rule does nothing. > > > cache deny https_login > > > > ssl_bump peek step1 > > miss_access deny no_miss > > ssl_bump splice https_login > > ssl_bump splice splice_only > > ssl_bump splice NoSSLIntercept > > ssl_bump bump bump_only markBumped > > ssl_bump stare all > > > > acl markedBumped note bumped true > > url_rewrite_access deny markedBumped > > > > http_access deny all > > read_ahead_gap 32 KB > > negative_ttl 1 second > > connect_timeout 30 seconds > > request_timeout 60 seconds > > half_closed_clients off > > shutdown_lifetime 10 seconds > > negative_dns_ttl 1 seconds > > ignore_unknown_nameservers on > > pipeline_prefetch 100 > > > > #acl SSLIntercept ssl::server_name_regex -i '/usr/local/pkg/url.bump' > > #ssl_bump bump SSLIntercept > > > > You already have an earlier "http_access deny all". The below lines do > nothing. > > > # Setup allowed ACLs > > # Allow local network(s) on interface(s) > > http_access allow localnet > > # Default block all to be sure > > http_access deny allsrc > > > > > HTH > Amos > > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > https://lists.squid-cache.org/listinfo/squid-users > > > ------------------------------ > > End of squid-users Digest, Vol 116, Issue 7 > ******************************************* > > <http://www.pbandt.bank>* CONFIDENTIALITY NOTICE: The information > contained in and attached to this email is intended only for the > confidential use of the person or entity to which the email is addressed. > This email and any attachments may contain privileged and confidential > information. If you are not the intended recipient, you are notified that > you received this email in error and that any reading, retention, use or > distribution of this email and attachments is strictly prohibited. If you > received this email in error, you are requested to immediately notify us by > calling 888-728-3550 or by return email and immediately and permanently > delete the email and any attachments. Thank you. * > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > https://lists.squid-cache.org/listinfo/squid-users > -- Francesco
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
