[squid-users] Squid 3.5.24 - Exclude https sites from ssl_bump in Transparent Mode
Eliezer Croitoru
eliezer at ngtech.co.il
Sun Feb 19 11:12:57 UTC 2017
What is the content of: /etc/squid/exfiles.conf
And did you tried using:
ssl::server_name_regex -i "/etc/squid/doms.nobump"
/etc/squid/doms.nobump:
##START OF FILE
update\.microsoft\.com$
update\.microsoft\.com\.akadns\.net$
v10\.vortex\-win\.data\.microsoft.com$
settings\-win\.data\.microsoft\.com$
##END OF FILE
etc…
Eliezer
----
http://ngtech.co.il/lmgtfy/
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Test1964
Sent: Sunday, February 19, 2017 12:22 PM
To: squid-users at lists.squid-cache.org
Subject: [squid-users] Squid 3.5.24 - Exclude https sites from ssl_bump in Transparent Mode
Hi,
When I try to exclude some sites like Banks (or even gmail.com) for users using squid in TRANSPARENT Mode,
I get in Squid log : "SECURITY ALERT: On URL......." (all servers and users using same dns, so this not an issue).
My config file regard to this:
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_step SslBump3
ssl_bump splice localhost
acl exclude_sites ssl::server_name "/etc/squid/exfiles.conf"
ssl_bump peek step1 all
ssl_bump splice exclude_sites
ssl_bump stare step2 all
ssl_bump all
* all users use fake ips (172.x.x.x)
Any ideas how to fix ?
Thanks Dan
More information about the squid-users
mailing list