[squid-users] SSL_bump and source IP

Marcus Kool marcus.kool at urlfilterdb.com
Thu Feb 2 13:00:12 UTC 2017

The terminology may be confusing:
ssl_bump         means more or less "looking at HTTPS traffic"
ssl_bump splice  means "do not bump/intercept HTTPS traffic. No fake CA certificates are used"
ssl_bump bump    means "bump/intercept HTTPS traffic and use a fake CA certificate"

So the question is not about ssl_bump but about "ssl_bump bump".
To prevent the active bump, you need an acl to splice (leave the connection alone).
Something like this:

acl tls_s1_connect   at_step SslBump1
acl tls_vip_users    fill-in-your-details

ssl_bump splice    tls_vip_users     # do not peek/bump vip users
ssl_bump peek      tls_s1_connect    # peek at connections of other users
ssl_bump stare     all               # peek/stare at the server side of connections of other users
ssl_bump bump      all               # bump connections of other users


On 11/01/17 09:50, Matus UHLAR - fantomas wrote:
> On 11.01.17 11:37, FredB wrote:
>> I'm searching for a way to exclude a user (account) or an IP from my LAN
>> I can exclude a destination domain from decryption with SSL_bump
> simply define an ACL and deny bumping it.
>> but not all requests from a specific source
> what do you mean here?
>> , maybe because I'm using x-forwarded ?
> x-forwarded-for has nothing to do with this
> Maybe you should rephrase the question so we understand you better.
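
The rule order in the message above, walked through step by step. This is an added example, not part of the original post and not Squid code: it is a simplified model (first matching rule wins at each step; peek and stare are skipped at the last step), and the VIP network 192.0.2.0/28 is a constructed stand-in for the "fill-in-your-details" ACL, assumed here to match on source address.

```python
import ipaddress

# Constructed value: the post leaves tls_vip_users as "fill-in-your-details".
# A source network (what Squid's "src" ACL type matches on) is assumed here.
VIP_NET = ipaddress.ip_network("192.0.2.0/28")

# (action, acl) pairs in the same order as the ssl_bump lines in the post.
POSTED_RULES = [
    ("splice", "tls_vip_users"),
    ("peek", "tls_s1_connect"),
    ("stare", "all"),
    ("bump", "all"),
]
# Same rules with the splice line moved to the end, for comparison.
MISORDERED_RULES = POSTED_RULES[1:] + POSTED_RULES[:1]

FINAL_ACTIONS = {"splice", "bump"}


def acl_matches(acl, client_ip, step):
    if acl == "all":
        return True
    if acl == "tls_s1_connect":  # at_step SslBump1
        return step == 1
    if acl == "tls_vip_users":
        return ipaddress.ip_address(client_ip) in VIP_NET
    raise ValueError(f"unknown acl {acl!r}")


def decide(client_ip, rules=POSTED_RULES):
    """Return the action chosen at each SslBump step for one client."""
    chosen = []
    for step in (1, 2, 3):
        for action, acl in rules:
            # Simplification: peek and stare are not available at the last step.
            if step == 3 and action in ("peek", "stare"):
                continue
            if acl_matches(acl, client_ip, step):
                chosen.append(action)
                break
        else:
            raise RuntimeError("no rule matched; Squid's default is not modelled")
        if chosen[-1] in FINAL_ACTIONS:
            break
    return chosen


if __name__ == "__main__":
    for ip in ("192.0.2.5", "198.51.100.7"):
        print(ip, decide(ip), decide(ip, MISORDERED_RULES))
```

With the splice line first, the VIP client is spliced at step 1 and never peeked at; with the same line moved to the end, that client is peeked, stared and bumped like everyone else.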

