Hello Fellow Squid Users,

I wanted to try to speed up my SSL interception caching, or optimize it.

I have some small issues with some websites loading slowly, not really bad, just a small lag, and I started to play around with all-of and any-of to create new concatenated ACLs. I have ARP MAC addresses being used to check for IP and MAC address for approval of proxy use and some other items. Does this speed up anything? I am trying to get the SSL bump items to have better performance. The splice side is lightning fast; again, I just wonder if anything can be done to speed up the bump side.

I am attempting to combine and concatenate access control lists. The MAC address and IP address matching does work, it has been for some time; I am just attempting a better way to create a better single ACL for use with the ssl_bump directive.

Here is the part of my config I am asking about, see #!!!!!!!

acl wpad urlpath_regex ^/wpad.dat$
acl wpad urlpath_regex ^/proxy.pac$
acl wpad urlpath_regex ^/wpad.da$
deny_info TCP_RESET wpad
#deny_info 200:/etc/squid/wpad.dat wpad
reply_header_access Content-Type deny wpad
http_access deny wpad
http_access deny !safeports
http_access deny CONNECT !sslports
#http_access allow localhost manager
#http_access deny manager
cachemgr_passwd disable offline_toggle reconfigure shutdown
cachemgr_passwd CLASSIFIED all
eui_lookup on
acl no_miss url_regex -i gateway\.facebook\.com\/ws\/realtime\?
acl no_miss url_regex -i web-chat-e2ee\.facebook\.com\/ws\/chat
acl CONNECT method CONNECT
acl wuCONNECT dstdomain www.update.microsoft.com
acl wuCONNECT dstdomain sls.microsoft.com
http_access allow CONNECT wuCONNECT localnet
http_access allow CONNECT wuCONNECT localhost
http_access allow CONNECT windowsupdate localnet
http_access allow CONNECT windowsupdate localhost
http_access allow CONNECT HttpAccess localnet
http_access allow CONNECT HttpAccess localhost
#http_access deny manager
http_access deny to_ipv6
http_access deny from_ipv6
acl BrokenButTrustedServers dstdomain "/usr/local/pkg/dstdom.broken"
acl DomainMismatch ssl_error SQUID_X509_V_ERR_DOMAIN_MISMATCH
sslproxy_cert_error allow BrokenButTrustedServers DomainMismatch
sslproxy_cert_error deny all
acl splice_only src
acl splice_only src
acl splice_only src
acl splice_only src
acl splice_only src
acl splice_only_mac arp MAC
acl splice_only_mac arp MAC
acl splice_only_mac arp MAC
acl splice_only_mac arp MAC
acl splice_only_mac arp MAC
acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/reg.url.nobump"
acl NoBumpDNS dstdomain "/usr/local/pkg/dns.nobump"
acl SSL_Intercept_Terminate dstdomain "/usr/local/pkg/url.bump"
#acl markBumped annotate_client bumped=true #TESTING NOT USED
acl active_use annotate_client active=true
acl bump_only src
acl bump_only src
acl bump_only src
#acl bump_only src
acl bump_only src
acl bump_only src
acl bump_only_mac arp MAC
acl bump_only_mac arp MAC
acl bump_only_mac arp MAC
acl bump_only_mac arp MAC
acl bump_only_mac arp MAC
#acl bump_only_mac arp MAC
collapsed_forwarding on
negative_dns_ttl 5 minutes
coredump_dir /label/swap0
read_ahead_gap 64 KB
pipeline_prefetch 100
happy_eyeballs_connect_timeout 10
memory_pools on
#!!!!!!!!
acl splice_group any-of https_login NoBumpDNS NoSSLIntercept #any of the splice lists OR acl ||
acl splice_only_local_group all-of splice_only_mac splice_only #MAC AND IP ADDRESS &&
acl splice_main any-of splice_group splice_only_local_group #combine to OR acl ||
acl bump_main all-of bump_only_mac bump_only #MAC AND IP ADDRESS &&
#!!!!!!!!
ssl_bump peek step1
ssl_bump terminate SSL_Intercept_Terminate
miss_access deny no_miss active_use
#OLD WAY
#ssl_bump splice https_login active_use
#ssl_bump splice splice_only_mac splice_only active_use
#ssl_bump splice NoBumpDNS active_use
#ssl_bump splice NoSSLIntercept active_use
#NEW WAY ONE ACL
ssl_bump splice splice_main active_use
#OLD WAY
#ssl_bump bump bump_only_mac bump_only active_use
#NEW WAY ONE ACL
ssl_bump bump bump_main active_use
acl activated note active_use true
ssl_bump terminate !activated

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
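
Added example (not part of the original post and not Squid code): a brute-force check that the "NEW WAY" any-of/all-of grouping makes the same splice/bump/terminate decision as the "OLD WAY" rule list for every combination of ACL results. It assumes each named ACL is an independent boolean and models only the ssl_bump rules after `ssl_bump peek step1` as one first-match pass; WRONG_GROUPS is a constructed mistake included to show what a changed decision looks like.

```python
from itertools import product

# Leaf ACLs from the posted config, each modelled as a plain boolean (assumption).
LEAVES = ["https_login", "NoBumpDNS", "NoSSLIntercept", "splice_only_mac", "splice_only",
          "bump_only_mac", "bump_only", "SSL_Intercept_Terminate", "active_use", "activated"]

# Grouping ACLs from the "NEW WAY" block: any-of is OR, all-of is AND.
NEW_GROUPS = {
    "splice_group": (any, ["https_login", "NoBumpDNS", "NoSSLIntercept"]),
    "splice_only_local_group": (all, ["splice_only_mac", "splice_only"]),
    "splice_main": (any, ["splice_group", "splice_only_local_group"]),
    "bump_main": (all, ["bump_only_mac", "bump_only"]),
}
# Constructed mistake for comparison: MAC *or* IP instead of MAC *and* IP.
WRONG_GROUPS = dict(NEW_GROUPS,
                    splice_only_local_group=(any, ["splice_only_mac", "splice_only"]))

HEAD = [("terminate", ["SSL_Intercept_Terminate"])]
TAIL = [("terminate", ["!activated"])]
OLD_RULES = HEAD + [
    ("splice", ["https_login", "active_use"]),
    ("splice", ["splice_only_mac", "splice_only", "active_use"]),
    ("splice", ["NoBumpDNS", "active_use"]),
    ("splice", ["NoSSLIntercept", "active_use"]),
    ("bump", ["bump_only_mac", "bump_only", "active_use"]),
] + TAIL
NEW_RULES = HEAD + [("splice", ["splice_main", "active_use"]),
                    ("bump", ["bump_main", "active_use"])] + TAIL

def holds(name, env, groups):
    """Evaluate one ACL reference, honouring '!' negation and group ACLs."""
    if name.startswith("!"):
        return not holds(name[1:], env, groups)
    if name in groups:
        combine, members = groups[name]
        return combine(holds(m, env, groups) for m in members)
    return env[name]

def decide(rules, env, groups):
    """First rule whose ACLs all match wins; ACLs on one line are ANDed."""
    for action, acls in rules:
        if all(holds(a, env, groups) for a in acls):
            return action
    return "no-match"

def differences(groups):
    """Return every truth assignment where old and new rule sets disagree."""
    diffs = []
    for values in product([False, True], repeat=len(LEAVES)):
        env = dict(zip(LEAVES, values))
        old, new = decide(OLD_RULES, env, {}), decide(NEW_RULES, env, groups)
        if old != new:
            diffs.append((env, old, new))
    return diffs
```

`differences(NEW_GROUPS)` is empty, so the posted grouping preserves every decision in this model; `differences(WRONG_GROUPS)` lists the cases where a client matching only the MAC or only the IP list would be spliced instead of bumped or terminated.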