[squid-users] original_dst wrong when using intercept

Alex Rousskov rousskov at measurement-factory.com
Wed May 23 01:36:50 UTC 2018


On 05/22/2018 03:27 PM, monopot wrote:
> ssl_bump peek step1 all
> ssl_bump peek step2 all
> ssl_bump splice step3 all
> ssl_bump terminate step2 all

Sorry, I cannot answer your primary question, but please note that the
above SslBump configuration is equivalent to

  ssl_bump peek all
  ssl_bump splice all

and your HTTP access rules:

> http_access allow all
> http_access allow SSL_port
> http_access deny all

are equivalent to the (most likely incorrect)

  http_access allow all

With http_access rules, please keep in mind that they are not applied to
each http_port directive. They are interepreted as one set of rules
across the whole configuration.


Cheers,

Alex.


More information about the squid-users mailing list