[squid-users] Squid 3.5.17 SSL-Bump Step1
admin
admin at tisiz72.ru
Mon May 16 10:47:55 UTC 2016
Amos Jeffries wrote 2016-05-16 13:34:
> Please upgrade to 3.5.19.
Upgrade to 3.5.19
>> acl blocked_https ssl::server_name "/etc/squid/urls/block-url"
>> https_port 3129 intercept ssl-bump options=ALL:NO_SSLv3:NO_SSLv2 connection-auth=off cert=/etc/squid/squidCA.pem
>> acl step1 at_step SslBump1
>> ssl_bump peek step1
>> ssl_bump terminate blocked_https
>>
>> It works.
>
> Obviously not. There is no instruction what to do other than terminate.
> Squid is left to other circumstances to decide what is needed...
It works! :) If you have the opportunity, check on a virtual machine.
>> But if I use
>>
>> acl users_no_inet src "/etc/squid/ip-groups/no-inet"
>> http_access deny users_no_inet
>
> ... you force bumping to happen in order to deliver the HTTP error message.
>
> Try adding this rule above the peek (and the ACL line too):
> ssl_bump terminate users_no_inet
Tried it, no success :(
I just do not understand the reason for such behavior. Why, if access is
allowed, does everything work, but if there is a ban on HTTP access, you
must first see a message stating that my certificate could not be
matched, and only then later ERR_ACCESS_DENIED? Sorry for my English.