[squid-users] Safesearch: blocking Google images error

Stanford Prescott stan.prescott at gmail.com
Fri Sep 4 17:48:26 UTC 2015


I have tried to enable safe searching with Squid 3.5.7 using ssl-bump
splice but when I enable it, browsing to https://google.com generates a
Squid error page saying there is no valid certificate. Browsing to all
other https sites loads the pages correctly and all other SSL-bump sites
get bumped and displayed correctly.

Has anyone had any luck getting this to work? Here is the relevant
squid.conf entries























*acl s1_tls_connect      at_step SslBump1acl s2_tls_client_hello at_step
SslBump2acl s3_tls_server_hello at_step SslBump3acl tls_server_name_is_ip
ssl::server_name_regex ^[0-9]+.[0-9]+.[0-9]+.[0-9]+nacl google
ssl::server_name .google.com <http://google.com>ssl_bump peek
s1_tls_connect      allacl nobumpSites ssl::server_name .wellsfargo.com
<http://wellsfargo.com>ssl_bump splice s2_tls_client_hello
nobumpSitesssl_bump splice s2_tls_client_hello googlessl_bump stare
s2_tls_client_hello allssl_bump bump  s3_tls_server_hello allcache_peer
forcesafesearch.google.com <http://forcesafesearch.google.com> parent 443 0
ssl name=GS originserver no-query no-netdb-exchange no-digestacl search
dstdomain .google.com <http://google.com>cache_peer_access GS allow
searchcache_peer_access GS deny allsslproxy_cert_error allow
tls_server_name_is_ipsslproxy_cert_error deny allsslproxy_flags
DONT_VERIFY_PEER*

Squid is in intercept mode, if that makes any difference.

Regards,

Stan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150904/51f97707/attachment.html>


More information about the squid-users mailing list