<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On 22 April 2016 at 13:45, Amos Jeffries <span dir="ltr"><<a href="mailto:squid3@treenet.co.nz" target="_blank">squid3@treenet.co.nz</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span class="">On 22/04/2016 8:23 p.m., Odhiambo Washington wrote:<br>
><br>
> Sure, I am really struggling to understand this. I would like to serve<br>
> error pages. A complete example of this would really help. I am thinking,<br>
> based on the two templates you gave and going with the one where squid<br>
> intrudes, that it could be like below, but to be honest I am not sure so<br>
> kindly correct me.<br>
><br>
><br>
> acl time_wastage_sites_ssl ssl::server_name .<a href="http://facebook.com" rel="noreferrer" target="_blank">facebook.com</a> .<a href="http://youtube.com" rel="noreferrer" target="_blank">youtube.com</a><br>
> ssl_bump splice time_wastage_sites_ssl<br>
> ssl_bump stare all<br>
> ssl_bump bump all<br>
> http_access allow time_wastage_sites_ssl privileged-staff<br>
> http_access allow time_wastage_sites_ssl privileged-clients<br>
> http_access allow time_wastage_sites_ssl TIMElunch<br>
> http_access allow time_wastage_sites_ssl TIMEafterhoursAFT<br>
> http_access allow time_wastage_sites_ssl TIMEafterhoursMORN<br>
> http_access allow time_wastage_sites_ssl TIMEsatALLDAY<br>
> http_access allow time_wastage_sites_ssl TIMEsundALLDAY<br>
> http_access deny time_wastage_sites_ssl<br>
><br>
<br>
</span>In a file called "/etc/squid/tws":<br>
.<a href="http://facebook.com" rel="noreferrer" target="_blank">facebook.com</a><br>
.<a href="http://youtube.com" rel="noreferrer" target="_blank">youtube.com</a><br>
<br>
<br>
squid.conf:<br>
acl time_wastage_sites_ssl ssl::server_name "/etc/squid/tws"<br>
acl time_wastage_sites_http dstdomain "/etc/squid/tws"<br>
<br>
acl privileged_traffic any-of \<br>
privileged-staff privileged-clients \<br>
TIMElunch TIMEafterhoursAFT TIMEafterhoursMORN \<br>
TIMEsatALLDAY TIMEsundALLDAY<br>
<br>
http_access allow privileged_traffic<br>
http_access deny time_wastage_sites_http<br>
<br>
ssl_bump splice privileged_traffic time_wastage_sites_ssl<br>
<span class=""> ssl_bump stare all<br>
ssl_bump bump all<br>
<br>
<br>
<br>
</span>You can probably merge the TIME* ACLs down as well like:<br>
# lunch<br>
acl okay_times time ...<br>
# afterhours PM<br>
acl okay_times time ...<br>
# afterhours AM<br>
acl okay_times time ...<br>
# Saturday and Sunday all day<br>
acl okay_times time SA<br>
<div class=""><div class="h5"><br>
Amos</div><div class="h5"><br></div></div></blockquote><div><br></div><div>Quoting Alex:</div><span style="color:rgb(80,0,80);font-size:12.8px">"</span></div><div class="gmail_quote"><span style="color:rgb(80,0,80);font-size:12.8px">If you want Squid to not intrude except when terminating prohibited</span><span style="color:rgb(80,0,80);font-size:12.8px"> traffic, then start with this sketch:</span><br style="color:rgb(80,0,80);font-size:12.8px"><br style="color:rgb(80,0,80);font-size:12.8px"><span style="color:rgb(80,0,80);font-size:12.8px">> ssl_bump terminate prohibited_traffic</span><br style="color:rgb(80,0,80);font-size:12.8px"><span style="color:rgb(80,0,80);font-size:12.8px">> ssl_bump peek all</span><br style="color:rgb(80,0,80);font-size:12.8px"><div><span style="color:rgb(80,0,80);font-size:12.8px">> ssl_bump splice all</span> </div></div>"</div><div class="gmail_extra"><br></div><div class="gmail_extra">So is it possible to achieve such a non-intrusive setup, but without 'terminate'? </div><div class="gmail_extra"><br></div><div class="gmail_extra"><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div>Best regards,<br>Odhiambo WASHINGTON,<br>Nairobi,KE<br>+254 7 3200 0004/+254 7 2274 3223<br>"<span style="font-size:12.8px">Oh, the cruft.</span><span style="font-size:12.8px">"</span></div></div></div>
</div></div>