[squid-users] ssl-bump does not redirect to block page

Amos Jeffries squid3 at treenet.co.nz
Wed Feb 6 19:57:56 UTC 2019


On 7/02/19 3:52 am, leo messi wrote:
> Hi
> My squid config is something like this:
> acl blk ssl::server_name .google.com
> http_access deny blk
> http_access allow all
> 
...
> 
> acl step1 at_step SslBump1
> ssl_bump peek step1
> ssl_bump splice all
> 
> 
> My problem is when I block some pages like google.com, my Firefox browser
> shows "secure connection failed", but I want it to show a block page or
> warning page. How can I do this?


You have chosen to splice the traffic. So far only the TCP SYN packet and
TLS clientHello have happened. There is no HTTP request to 'redirect'.

To cause anything at all to display in the browser you require fully
decrypting the traffic, aka the 'bump' action.
Please see <https://wiki.squid-cache.org/Features/SslPeekAndSplice>


Amos
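
The difference described in the reply above, as an added squid.conf sketch that is not part of the original thread: the spliced rules from the question beside a variant that bumps only the blocked names so an HTTP error page can be returned. Assumptions: Squid 4 directive names, placeholder file paths and port, a hypothetical error template name `ERR_BLOCKED_SITE`, and clients that already trust the proxy's signing CA.

```conf
# Added example, not from the thread. Paths, port and ERR_BLOCKED_SITE are
# placeholders/assumptions. Squid 4 names are used here; Squid 3.5 uses
# cert= and the ssl_crtd helper instead.

# Bumping needs a signing CA so Squid can generate certificates for the
# sites it decrypts. If the browser does not trust this CA it shows a
# certificate warning instead of the block page.
http_port 3128 ssl-bump tls-cert=/etc/squid/bump-ca.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/squid/ssl_db -M 4MB

acl blk ssl::server_name .google.com
acl step1 at_step SslBump1

# Before (from the question): every connection is spliced, so Squid never
# sees an HTTP request and has nothing to answer with an error page.
#   ssl_bump peek step1
#   ssl_bump splice all

# After: peek at the clientHello to learn the SNI, bump only the blocked
# names, and splice everything else without decrypting it.
ssl_bump peek step1
ssl_bump bump blk
ssl_bump splice all

# The decrypted request is then denied by http_access, and deny_info
# selects the page returned to the browser.
deny_info ERR_BLOCKED_SITE blk
http_access deny blk
http_access allow all
```

Peeking at step 1 still allows a bump at step 2; peeking at step 2 would not, so the `bump` rule has to sit before any further peek.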

