[squid-users] Peek and splice where SNI not present

Alex Rousskov rousskov at measurement-factory.com
Sun Oct 6 14:38:25 UTC 2019

On 10/4/19 10:34 PM, washuu wrote:
> ssl_bump peek step1
> ssl_bump splice step2 foo
> ssl_bump terminate step2 bar

FYI: You did not tell Squid what to do when neither foo nor bar ACLs
match during step2. Thus, older Squid will use some hard-to-predict
action, while modern Squids will splice (because a peek action matched
at the previous step). If splicing is the step2 default you want, then
consider making that decision explicit by rewriting this as

  ssl_bump peek step1
  ssl_bump splice foo
  ssl_bump terminate bar
  ssl_bump splice all


More information about the squid-users mailing list