[squid-users] Fwd: Https blocked sites getting ssl error , with connection abruptly ending - Peek and splice feature

Alex Rousskov rousskov at measurement-factory.com
Fri Jan 25 18:19:33 UTC 2019


On 1/25/19 10:18 AM, bandeep2000 wrote:

> Have configured squid proxy with https whitelisted sites using ssl bump,
> peek and splice feature in transparent mode.


> Is there a way to terminate the connection with access denied message
> gracefully (with 403 error code)

Yes, there is, but it comes at a price: If you want to serve an HTTP
response to the TLS client, you must bump the client connection.
Actually, Squid will bump on errors automatically for you if you do
_not_ tell it to terminate the TLS connection in ssl_bump rules and rely
on http_access for access control instead. Here is an incomplete and
untested sketch to illustrate the idea:

  ssl_bump peek all
  ssl_bump splice all

  ... add rules to allow step1 CONNECT requests here ...
  http_access allow allowed_http_sites
  http_access deny all

Alex.

