[squid-users] Peek and Splice for websites using HSTS

Yuri Voinov yvoinov at gmail.com
Fri Apr 10 17:05:09 UTC 2015


BTW, man, splice in most cases means "no bump".

Why do you expect that bumping will happen, if your URL is in the splice ACL?

10.04.15 20:22, Ashish Patil wrote:
> Hello,
>
> I am trying to set up Peek and Splice using Squid 3.5.3. I'm facing issues
> setting it up for websites that have HSTS enabled, like google.com and
> twitter.com.
>
> My squid.conf is:
> http_port 3128 intercept
> https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl/myCA.pem
> acl step3 at_step SslBump3
> acl sslBumpAllowedDstDomain dstdomain google.co.in
> ssl_bump peek step3 all
> ssl_bump splice sslBumpAllowedDstDomain
> ssl_bump bump all
>
>
> The output of access.log is:
> 1428674512.281    511 192.168.3.31 TCP_MISS/301 634 GET http://google.co.in/ - ORIGINAL_DST/173.194.117.23 text/html
> 1428674512.703    348 192.168.3.31 TCP_MISS/302 1106 GET http://www.google.co.in/ - ORIGINAL_DST/173.194.117.24 text/html
> 1428674512.706      0 192.168.3.31 TAG_NONE/200 0 CONNECT 173.194.117.24:443 - HIER_NONE/- -
> 1428674512.711      0 192.168.3.31 TAG_NONE/200 0 CONNECT 173.194.117.24:443 - HIER_NONE/- -
> 1428674515.883      0 192.168.3.31 TAG_NONE/200 0 CONNECT 173.194.117.22:443 - HIER_NONE/- -
> 1428674515.956      0 192.168.3.31 TAG_NONE/200 0 CONNECT 173.194.117.22:443 - HIER_NONE/- -
> 1428674515.965      0 192.168.3.31 TAG_NONE/200 0 CONNECT 173.194.117.22:443 - HIER_NONE/- -
> 1428674516.006      0 192.168.3.31 TAG_NONE/200 0 CONNECT 173.194.117.22:443 - HIER_NONE/- -
> 1428674526.310      0 192.168.3.31 TAG_NONE/200 0 CONNECT 173.194.117.22:443 - HIER_NONE/- -
> 1428674526.327      0 192.168.3.31 TAG_NONE/200 0 CONNECT 173.194.117.22:443 - HIER_NONE/- -
> 1428674526.335      0 192.168.3.31 TAG_NONE/200 0 CONNECT 173.194.117.22:443 - HIER_NONE/- -
> 1428674526.411      0 192.168.3.31 TAG_NONE/200 0 CONNECT 173.194.117.22:443 - HIER_NONE/- -
>
>
> Any input would be welcome.
