[squid-users] Checking SSL bump status in http_access
Steve Hill
steve at opendium.com
Thu Aug 18 14:45:32 UTC 2016
On 17/08/16 00:12, Amos Jeffries wrote:
>> Is there a way of figuring out if the current request is a bumped
>> request when the http_access ACL is being checked? i.e. can we tell the
>> difference between a GET request that is inside a bumped tunnel, and an
>> unencrypted GET request?
>
> In Squid-3 a combo of the myportname and proto ACLs should do that.
I think when using a nontransparent proxy you can't tell the difference
between:
1. HTTPS requests inside a bumped CONNECT tunnel, and
2. unencrypted "GET https://example.com/ HTTP/1.1" requests made
directly to the proxy.
--
- Steve Hill
Technical Director
Opendium Online Safety / Web Filtering http://www.opendium.com
Enquiries Support
--------- -------
sales at opendium.com support at opendium.com
+44-1792-824568 +44-1792-825748
More information about the squid-users
mailing list