[squid-users] SSL_bump and source IP
Marcus Kool
marcus.kool at urlfilterdb.com
Thu Feb 2 13:00:12 UTC 2017
The terminology may be confusing:
ssl_bump means more or less "looking at HTTPS traffic"
ssl_bump splice means "do not bump/intercept HTTPS traffic. No fake CA certificates are used"
ssl_bump bump means "bump/intercept HTTPS traffic and use a fake CA certificate"
So the question is not about ssl_bump but about "ssl_bump bump".
To prevent the active bump, you need an acl to splice (leave the connection alone)
Something like this:

    acl tls_s1_connect at_step SslBump1
    acl tls_vip_users fill-in-your-details
    ssl_bump splice tls_vip_users   # do not peek/bump vip users
    ssl_bump peek tls_s1_connect    # peek at connections of other users
    ssl_bump stare all              # peek/stare at the server side of connections of other users
    ssl_bump bump all               # bump connections of other users

Marcus
On 11/01/17 09:50, Matus UHLAR - fantomas wrote:
> On 11.01.17 11:37, FredB wrote:
>> I'm searching a way to exclude an user (account) or an IP from my lan
>> I can exclude a destination domain to decryption with SSL_bump
>
> simply define an ACL and deny bumping it.
>
>> but not all requests from a specific source
>
> what do you mean here?
>
>> , maybe because I'm using x-forwarded ?
>
> x-forwarded-for has nothing to do with this
>
> Maybe you should rephrase the question so we understand you better.
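
A simplified model of how the ssl_bump rules in the message above are walked at each SslBump step, added here as an example (it is not part of the original message and not Squid code). It assumes tls_vip_users is a src ACL over constructed sample addresses; VIP_NETS, acl_matches and decide are hypothetical names, and the step-3 restrictions are treated as absolute.

```python
import ipaddress

# Assumption: tls_vip_users is a src ACL; these networks are constructed samples.
VIP_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.10/32", "198.51.100.0/28")]

# Rules in the order given in the message above: (action, acl name).
RULES = [
    ("splice", "tls_vip_users"),
    ("peek", "tls_s1_connect"),
    ("stare", "all"),
    ("bump", "all"),
]
FINAL = {"splice", "bump", "terminate"}

def acl_matches(acl, client_ip, step):
    """Evaluate the three ACLs used in the rules for one client at one step."""
    if acl == "all":
        return True
    if acl == "tls_s1_connect":           # at_step SslBump1
        return step == 1
    if acl == "tls_vip_users":
        ip = ipaddress.ip_address(client_ip)
        return any(ip in net for net in VIP_NETS)
    raise ValueError(f"unknown acl {acl!r}")

def decide(client_ip, rules=RULES):
    """Return the action taken at each step until a final one is reached."""
    trace, prev = [], None
    for step in (1, 2, 3):
        allowed = set(FINAL)
        if step < 3:
            allowed |= {"peek", "stare"}  # only possible at steps 1 and 2
        elif prev == "peek":
            allowed.discard("bump")       # peek at step 2 usually precludes bump
        elif prev == "stare":
            allowed.discard("splice")     # stare at step 2 usually precludes splice
        action = next((a for a, acl in rules
                       if a in allowed and acl_matches(acl, client_ip, step)), None)
        if action is None:
            break                         # simplification: default action not modelled
        trace.append(action)
        if action in FINAL:
            break
        prev = action
    return trace

if __name__ == "__main__":
    for ip in ("192.0.2.10", "10.1.2.3"):
        print(ip, decide(ip))
```

In this model, moving the splice rule below the other three makes a VIP client follow peek, stare, bump like everyone else, which is why it is listed first.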