[squid-users] SSL_bump and source IP
Amos Jeffries
squid3 at treenet.co.nz
Wed Jan 11 14:26:36 UTC 2017
On 12/01/2017 1:04 a.m., FredB wrote:
>
>> but not all requests from a specific source
>
>> what do you mean here?
>
> I mean no ssl-bump at all for a specific user, no matter the destinations
> I tried some acl without success
At the time of bumping Squid has no idea what a "user" is and things
like the X-Forwarded-For are probably also unknown/unavailable.
All you can assume being known about the client is the TCP detail
(IP:port), perhapse an IDENT label or TOS marking. Though I'm not sure
of the latter two.
>
>>> , maybe because I'm using x-forwarded ?
>
>> x-forwarded-for has nothing to do with this
>
> There is a known bug with sslbump and x-forwarded (bug about log) maybe there is a relation, my "fake" address is not known or something like this
That bug is relevant only in the case of clients being configured to use
the proxy as a forward/explicit proxy (no intercept or tproxy). In the
non-relevant traffic types XFF header is simply not existing, period.
Amos
More information about the squid-users
mailing list