[squid-users] ssl_bump for specific dstdomain

Yuri Voinov yvoinov at gmail.com
Thu Mar 12 15:04:22 UTC 2015


You only have an external helper (which you must write yourself) in 3.4.x.

Working with domains in ssl bump is fully available in at least 3.5.x.

12.03.15 21:01, Mukul Gandhi wrote:
> I am running squid 3.4.8 and am looking for solutions to ssl_bump
> for specific domains only. Going through the archives it is clear
> that it is not possible unless the reverse DNS points back to the
> domain that is to be ssl bumped.
> So then what is the solution to this problem? I just want to create
> an SSL whitelist of domains that are to be bumped and the rest
> should be tunneled through. What I have is -
> ssl_bump none localhost
> acl ssl_whitelist dstdomain "/tmp/ssl_whitelist.txt"
> ssl_bump server-first ssl_whitelist
> The file /tmp/ssl_whitelist.txt contains -
> .facebook.com
> .twitter.com
> .pintrest.com
> Of course, this doesn't work because the ip address for these
> websites points back to <something>.akamaitechnologies.com.
> All I want is to be able to decrypt just the traffic to these
> three web-sites, the rest should go through encrypted. But I
> couldn't find a solution for this anywhere in the archives. I did
> see some mention of using SslBump1/2/3 but it wasn't clear if this
> was the silver bullet. Also I would have to upgrade to 3.5 to use
> these new directives.
> Any idea how I can achieve this in 3.4.8 (if possible)? Or if a
> solution exists for this in 3.5?
> Thanks, -Mukul
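Added example, not part of the original thread: a squid.conf fragment showing how the 3.5.x domain matching mentioned in the reply is commonly set up with the SslBump1 step and the ssl::server_name ACL. It assumes Squid 3.5 with an http_port already configured for ssl-bump and a signing certificate, and reuses the whitelist path from the question.

```conf
# --- Squid 3.4.x form from the question (does not match as intended) ---
# dstdomain is evaluated against the CONNECT target, which for intercepted
# traffic is an IP address, so the match depends on reverse DNS.
#
#   ssl_bump none localhost
#   acl ssl_whitelist dstdomain "/tmp/ssl_whitelist.txt"
#   ssl_bump server-first ssl_whitelist

# --- Squid 3.5.x form: decide on the name the client sends in TLS SNI ---

# Step 1 is the point where only the TCP-level request has been seen.
acl step1 at_step SslBump1

# Same whitelist file as in the question, one domain per line
# (a leading dot matches the domain and its subdomains).
acl ssl_whitelist ssl::server_name "/tmp/ssl_whitelist.txt"

# Local traffic is never decrypted ("splice" replaces the old "none").
ssl_bump splice localhost

# Read the TLS ClientHello first so the SNI name is available to ACLs.
ssl_bump peek step1

# Decrypt only connections whose SNI matches the whitelist.
ssl_bump bump ssl_whitelist

# Everything else is tunnelled through without decryption.
# Clients that send no SNI match no whitelist entry and land here too.
ssl_bump splice all
```

Rules are evaluated top to bottom at each step, so the splice for localhost has to stay above the peek rule.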

