[squid-users] High CPU Usage with ssl_bump
Amos Jeffries
squid3 at treenet.co.nz
Fri Apr 22 10:45:57 UTC 2016
On 22/04/2016 8:23 p.m., Odhiambo Washington wrote:
>
> Sure, I am really struggling to understand this. I would like to serve
> error pages. A complete example of this would really help. I am thinking,
> based on the two templates you gave and going with the one where squid
> intrudes, that it could be like below, but to be honest I am not sure so
> kindly correct me.
>
>
> acl time_wastage_sites_ssl ssl::server_name .facebook.com .youtube.com
> ssl_bump splice time_wastage_sites_ssl
> ssl_bump stare all
> ssl_bump bump all
> http_access allow time_wastage_sites_ssl privileged-staff
> http_access allow time_wastage_sites_ssl privileged-clients
> http_access allow time_wastage_sites_ssl TIMElunch
> http_access allow time_wastage_sites_ssl TIMEafterhoursAFT
> http_access allow time_wastage_sites_ssl TIMEafterhoursMORN
> http_access allow time_wastage_sites_ssl TIMEsatALLDAY
> http_access allow time_wastage_sites_ssl TIMEsundALLDAY
> http_access deny time_wastage_sites_ssl
>
In a file called "/etc/squid/tws":
.facebook.com
.youtube.com
squid.conf:
acl time_wastage_sites_ssl ssl::server_name "/etc/squid/tws"
acl time_wastage_sites_http dstdomain "/etc/squid/tws"
acl privileged_traffic any-of \
privileged-staff privileged-clients \
TIMElunch TIMEafterhoursAFT TIMEafterhoursMORN \
TIMEsatALLDAY TIMEsundALLDAY
http_access allow privileged_traffic
http_access deny time_wastage_sites_http
ssl_bump splice privileged_traffic time_wastage_sites_ssl
ssl_bump stare all
ssl_bump bump all
You can probably merge the TIME* ACLs down as well like:
# lunch
acl okay_times time ...
# afterhours PM
acl okay_times time ...
# afterhours AM
acl okay_times time ...
# Saturday and Sunday all day
acl okay_times time SA
Amos
More information about the squid-users
mailing list