[squid-users] HTTPS issues with squidguard after upgrading from squid 2.7 to 3.5

Amos Jeffries squid3 at treenet.co.nz
Wed Jun 15 22:21:53 UTC 2016


On 16/06/2016 6:12 a.m., Eliezer Croitoru wrote:
> Hey Michael,
> 
>  
> 
> Well I have not tested FreeBSD dependencies and patches and I am not following them daily.
> 
> The issue itself with SquidGuard and the url_rewrite interface is more of an issue in most cases with CONNECT requests as you mentioned.
> 
> Since you are not using ssl_bump then you need to deny the traffic\requests in a way that will not leave squid or the clients and the session in an unknown or unexpected situation.
> 
> When the url_rewrite interface is used to "Deny" something it's not really denying but rather "rewriting" something due to it's nature.
> 

Well, sort of yes and sort of no.
 The url_rewrite_access allow/deny is allowing or denying the re-writer
ability to see that transaction at all. If its not even told about the
transaction it wont do anything to break it.

Amos



More information about the squid-users mailing list