[squid-users] SSL_bump and source IP

Eliezer Croitoru eliezer at ngtech.co.il
Thu Feb 2 15:25:01 UTC 2017

You are not alone but you first need to define and understand your goals in a more technical way.
Squid can understand HTTP TLS\SSL IP and LAYER 2 MAC address.
If in one of these you can recognize that the client needs to be bypassed from SSL BUMP or interception in general you would be able to make it work.
If you have a portal that only android or mobile users can run and be identified at then you will need to first bump but give these specific users the option to somehow in the IP or LAYER 2 level be bypassed from being bumped.
If you have a WIFI network you can somehow make a trick with your radius server and usernames that will allow some clients((by IP) to be bypassed based on an external acl helper.

What do you think?


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il

-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of FredB
Sent: Thursday, February 2, 2017 1:38 PM
Cc: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] SSL_bump and source IP

Thanks Eliezer

Unfortunately my "lan" is huge, many thousands of people, and MAC addresses are not known I'm very surprised, I'm alone with this ? Nobody needs to exclude some users from SSLBump ?

squid-users mailing list
squid-users at lists.squid-cache.org

More information about the squid-users mailing list