<div dir="auto">I'm trying to figure out what can be done with 5.0.4.<div dir="auto">I believe there is either a bug or misunderstanding by me what and how things should be done or configured.</div><div dir="auto"><br></div><div dir="auto">The first thing is to be able to bump all and add exceptions.</div><div dir="auto">The second would be to bump specific sites.</div><div dir="auto">As i noticed in the past it seems that for a good splice and or bump I need the any-of acl to be used.</div><div dir="auto"><br></div><div dir="auto">Its a bit different then the way squid acls work in general.</div><div dir="auto"><br></div><div dir="auto">Eliezer</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, Jan 3, 2021, 17:06 Amos Jeffries <<a href="mailto:squid3@treenet.co.nz">squid3@treenet.co.nz</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 4/01/21 3:12 am, ngtech1ltd wrote:<br>
> I am looking for domains lists that can be used for squid to be PCI<br>
> Certified.<br>
> <br>
> I have read this article:<br>
> <a href="https://www.imperva.com/learn/data-security/pci-dss-certification/" rel="noreferrer noreferrer" target="_blank">https://www.imperva.com/learn/data-security/pci-dss-certification/</a><br>
> <br>
> And couple others to try and understand what might a Squid proxy ssl-bump<br>
> exception rules should contain.<br>
> So technically we need:<br>
> - Banks<br>
> - Health care<br>
> - Credit Cards(Visa, Mastercard, others)<br>
> - Payments sites<br>
> - Antivirus(updates and portals)<br>
> - OS and software Updates signatures(ASC, MD5, SHAx etc..)<br>
> <br>
> * <a href="https://support.kaspersky.com/common/start/6105" rel="noreferrer noreferrer" target="_blank">https://support.kaspersky.com/common/start/6105</a><br>
> *<br>
> <a href="https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-e" rel="noreferrer noreferrer" target="_blank">https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-e</a><br>
> set-product-with-a-third-party-firewall<br>
> *<br>
> <a href="https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s" rel="noreferrer noreferrer" target="_blank">https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s</a><br>
> 55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fc<br>
> p&articleId=TS100291&_afrLoop=641093247174514&leftWidth=0%25&showFooter=fals<br>
> e&showHeader=false&rightWidth=0%25¢erWidth=100%25#!%40%40%3FshowFooter%3<br>
> Dfalse%26_afrLoop%3D641093247174514%26articleId%3DTS100291%26leftWidth%3D0%2<br>
> 525%26showHeader%3Dfalse%26wc.contextURL%3D%252Fspaces%252Fcp%26rightWidth%3<br>
> D0%2525%26centerWidth%3D100%2525%26_adf.ctrl-state%3D3wmxkd4vc_9<br>
> <br>
> <br>
> If someone has the documents which instructs what domains to not inspect it<br>
> would also help a lot.<br>
<br>
<br>
<br>
Are you trying to get Squid certified as a PCI WAF agent?<br>
or as security infrastructure agent?<br>
or as general networking agent?<br>
<br>
These roles matter in regards to the PCI requirement to detect malicious <br>
transactions.<br>
<br>
<br>
Amos<br>
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank" rel="noreferrer">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</blockquote></div>