[squid-users] Container Based Issues Lock Down Password and Terminate SSL
Amos Jeffries
squid3 at treenet.co.nz
Sat Apr 27 10:07:30 UTC 2024
On 24/04/24 17:27, Jonathan Lee wrote:
> Hello fellow Squid users, I wanted to ask a quick question: for use with termination, would HTTP access for cache still work with this type of setup and custom refresh patterns?
>
> I think it would terminate all but the clients and if they use the cache it would be ok.
>
These things are sequential, but otherwise not directly related.
SSL-Bump is about TLS handshake opening a connection from a client.
The "ssl_bump splice" action allows the client connection to go through
Squid in the form of a blind tunnel. Caching (and thus refresh of cached
objects) is not applicable to tunneled traffic.
The "ssl_bump terminate" action closes the client connection
immediately. It should be obvious that nothing can be done in that
connection once it is closed. HTTP(S) and/or caching are irrelevant -
they can never happen on a terminated connection.
> But I think an invasive container would be blocked, my goal here.
>
> acl markBumped annotate_client bumped=true
> acl active_use annotate_client active=true
> acl bump_only src 192.168.1.3 #webtv
> acl bump_only src 192.168.1.4 #toshiba
> acl bump_only src 192.168.1.5 #imac
> acl bump_only src 192.168.1.9 #macbook
> acl bump_only src 192.168.1.13 #dell
>
> acl bump_only_mac arp macaddresshere
> acl bump_only_mac arp macaddresshere
> acl bump_only_mac arp macaddresshere
> acl bump_only_mac arp macaddresshere
> acl bump_only_mac arp macaddresshere
>
> ssl_bump peek step1
> miss_access deny no_miss active_use
> ssl_bump splice https_login active_use
> ssl_bump splice splice_only_mac splice_only active_use
> ssl_bump splice NoBumpDNS active_use
> ssl_bump splice NoSSLIntercept active_use
> ssl_bump bump bump_only_mac bump_only active_use
> acl activated note active_use true
> ssl_bump terminate !activated
>
>
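
One way to confirm the splice/cache point above from Squid's access.log, as an added example that is not part of the original message. It assumes the default native log format; the sample lines and host names are constructed.

```python
from collections import Counter

# Constructed sample lines in Squid's default native access.log format:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1714212450.101    312 192.168.1.3 TCP_TUNNEL/200 5120 CONNECT login.example.test:443 - HIER_DIRECT/203.0.113.10 -
1714212451.250     48 192.168.1.5 TCP_MISS/200 20480 GET https://static.example.test/app.js - HIER_DIRECT/203.0.113.20 application/javascript
1714212452.300      2 192.168.1.5 TCP_HIT/200 20480 GET https://static.example.test/app.js - HIER_NONE/- application/javascript
1714212453.410    290 192.168.1.9 TCP_TUNNEL/200 8192 CONNECT bank.example.test:443 - HIER_DIRECT/203.0.113.30 -
1714212454.020      1 192.168.1.5 TCP_MEM_HIT/200 1024 GET https://static.example.test/logo.png - HIER_NONE/- image/png
"""

# Result codes that mean the reply was served from Squid's cache.
CACHE_SERVED = {"TCP_HIT", "TCP_MEM_HIT", "TCP_IMS_HIT", "TCP_REFRESH_UNMODIFIED"}


def classify(line):
    """Return (client, kind) for one log line, or None if it cannot be parsed.

    kind is 'tunnel' (spliced, opaque bytes), 'hit' or 'miss' (decrypted
    https:// request that the cache could act on), or 'other'.
    """
    fields = line.split()
    if len(fields) < 7:
        return None
    client, method, url = fields[2], fields[5], fields[6]
    result = fields[3].split("/")[0]
    if result == "TCP_TUNNEL" and method == "CONNECT":
        return client, "tunnel"  # no HTTP visible: cache and refresh_pattern never apply
    if url.startswith("https://"):
        return client, "hit" if result in CACHE_SERVED else "miss"
    return client, "other"


def summarize(log_text):
    """Count tunnel/hit/miss/other entries per client address."""
    per_client = {}
    for line in log_text.splitlines():
        parsed = classify(line)
        if parsed:
            client, kind = parsed
            per_client.setdefault(client, Counter())[kind] += 1
    return per_client


if __name__ == "__main__":
    for client, counts in sorted(summarize(SAMPLE_LOG).items()):
        print(client, dict(counts))
```

A client that shows only `tunnel` entries is being spliced, so no refresh_pattern will ever produce a hit for it.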