[squid-users] Container Based Issues Lock Down Password and Terminate SSL

Jonathan Lee jonathanlee571 at gmail.com
Sat Apr 27 14:51:48 UTC 2024


Thank you for the reply. Thank you for confirming that the connections that are started are not affected by the last ACL, thus clients not on ACLs prior would be blocked and not allowed to access the cache. However, ones that are would be able to use the cache.


Jonathan Lee
Adult Student

> On Apr 27, 2024, at 03:07, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> 
> On 24/04/24 17:27, Jonathan Lee wrote:
>> Hello fellow Squid users, I wanted to ask a quick question: for use with termination, would http access for cache still work with this type of setup and custom refresh patterns?
>> I think it would terminate all but the clients and if they use the cache it would be ok.
> 
> These things are sequential, but otherwise not directly related.
> 
> SSL-Bump is about TLS handshake opening a connection from a client.
> 
> The "ssl_bump splice" action allows the client connection to go through Squid in the form of a blind tunnel. Caching (and thus refresh of cached objects) is not applicable to tunneled traffic.
> 
> 
> The "ssl_bump terminate" action closes the client connection immediately. It should be obvious that nothing can be done in that connection once it is closed. HTTP(S) and/or caching are irrelevant - they can never happen on a terminated connection.
> 
> 
> 
>> But I think an invasive container would be blocked, which is my goal here.
>> acl markBumped annotate_client bumped=true
>> acl active_use annotate_client active=true
>> acl bump_only src 192.168.1.3 #webtv
>> acl bump_only src 192.168.1.4 #toshiba
>> acl bump_only src 192.168.1.5 #imac
>> acl bump_only src 192.168.1.9 #macbook
>> acl bump_only src 192.168.1.13 #dell
>> acl bump_only_mac arp macaddresshere
>> acl bump_only_mac arp macaddresshere
>> acl bump_only_mac arp macaddresshere
>> acl bump_only_mac arp macaddresshere
>> acl bump_only_mac arp macaddresshere
>> ssl_bump peek step1
>> miss_access deny no_miss active_use
>> ssl_bump splice https_login active_use
>> ssl_bump splice splice_only_mac splice_only active_use
>> ssl_bump splice NoBumpDNS active_use
>> ssl_bump splice NoSSLIntercept active_use
>> ssl_bump bump bump_only_mac bump_only active_use
>> acl activated note active_use true
>> ssl_bump terminate !activated