[squid-users] Checking SSL bump status in http_access

Steve Hill steve at opendium.com
Thu Aug 18 14:45:32 UTC 2016


On 17/08/16 00:12, Amos Jeffries wrote:

>> Is there a way of figuring out if the current request is a bumped
>> request when the http_access ACL is being checked?  i.e. can we tell the
>> difference between a GET request that is inside a bumped tunnel, and an
>> unencrypted GET request?
>
> In Squid-3 a combo of the myportname and proto ACLs should do that.

I think when using a nontransparent proxy you can't tell the difference 
between:

1. HTTPS requests inside a bumped CONNECT tunnel, and
2. unencrypted "GET https://example.com/ HTTP/1.1" requests made 
directly to the proxy.


-- 
  - Steve Hill
    Technical Director
    Opendium    Online Safety / Web Filtering    http://www.opendium.com

    Enquiries                 Support
    ---------                 -------
    sales at opendium.com        support at opendium.com
    +44-1792-824568           +44-1792-825748


More information about the squid-users mailing list