[squid-users] Squid 3.5.24 - Exclude https sites from ssl_bump in Transparent Mode

Test1964 test1964 at gmail.com
Sun Feb 19 10:22:26 UTC 2017


When I try to exclude some sites like Banks (or even gmail.com) for 
users using squid in TRANSPARENT Mode,
I get in Squid log : "SECURITY ALERT: On URL......." (all servers and 
users using same dns, so this not an issue).
My config file regard to this:

acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_step SslBump3

ssl_bump splice localhost

acl exclude_sites ssl::server_name "/etc/squid/exfiles.conf"

ssl_bump peek step1 all

ssl_bump splice exclude_sites
ssl_bump stare step2 all

ssl_bump all

* all users use fake ips (172.x.x.x)

Any ideas how to fix ?

Thanks Dan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170219/a5126541/attachment.html>

More information about the squid-users mailing list