[squid-users] 3.5.8 intercept Whitelist http&https

Бараблин Дмитрий d.barablin at nnov.volga.rt.ru
Thu Oct 15 06:25:36 UTC 2015

Hello all!

im trying to configure squid 3.5.8 as intercept with Whitelist ACLs on 

what my config:

acl localnet src     # RFC1918 possible internal network
acl whitelist dstdom_regex -i "/etc/squid/whitelist"
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
acl whitelist_ssl ssl::server_name_regex -i "/etc/squid/whitelist_ssl"
http_port intercept
https_port intercept ssl-bump 
options=ALL:NO_SSLv3:NO_SSLv2 connection-auth=off 
always_direct allow all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
cl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump splice whitelist_ssl
ssl_bump peek whitelist_ssl
ssl_bump terminate all

this config nice work with HTTPS sites, but not filtered http. When im 
added "http_access allow localnet whitelist", which stop at all sites.

whitelist&whitelist_ssl - both file have some contents aka


please tell me what I'm doing wrong!

WBR, Dmitry Barablin

More information about the squid-users mailing list