<div dir="ltr"><div>Is it best to put my "ssl bump" and "no ssl interception" rules under <br></div><div><br></div><div># Recommended minimum Access Permission configuration:</div><div><br></div><div>or</div><div><br></div><div># INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS</div><div><br></div><div>#SSL Bump<br>http_port 3128 ssl-bump cert=/usr/local/squid/etc/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB<br>sslcrtd_program /usr/local/squid/libexec/security_file_certgen -s /var/lib/ssl_db -M 4MB<br>acl step1 at_step SslBump1<br>ssl_bump peek step1<br>ssl_bump bump all<br><br>#NO SSL Interception<br>acl DiscoverSNIHost at_step SslBump1<br>acl NoSSLIntercept ssl::server_name "/usr/local/squid/etc/pubkey.txt"<br>ssl_bump splice NoSSLIntercept<br>ssl_bump peek DiscoverSNIHost<br>ssl_bump bump all</div><div><br></div><div>Thanks,</div><div>rob<br></div><div><br>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Regards, <br><br>Robert K Wild.<br></div></div></div></div>