[squid-users] Host header forgery affects pure splice environment too?

Jason Haar Jason_Haar at trimble.com
Sun Dec 27 22:57:58 UTC 2015


On 28/12/15 11:50, Yuri Voinov wrote:
> I think, to eliminate this error you need to splice all torify connections.
As I said - squid is configured to *only*  splice - there is no bump-ing
going on. So this is already the case

acl DiscoverSNIHost at_step SslBump1
ssl_bump peek DiscoverSNIHost
acl SSL_https port 443
ssl_bump splice SSL_https

-- 
Cheers

Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20151228/42ea0ab6/attachment.sig>


More information about the squid-users mailing list