[squid-users] Squid ssl_bump always makes outbound connection
Eric Lackey
EricL at daveramsey.com
Sat Aug 25 14:35:32 UTC 2018
Using squid-4.2-1.el7.x86_64
I'm looking at ways to optimize Squid when using ssl_bump. We use the peek & splice approach now and it works pretty well.
While running some tests, I noticed that Squid always makes an outbound connection to the remote server regardless of when I terminate the connection. I'm trying to build a configuration that denies traffic immediately if the client SNI header doesn't match without making a connection to the remote host.
Here is a very simple configuration that should terminate all connections after step1. The connection is terminated, but by running a tcpdump at the same time, I see that Squid still makes an outbound connection.
acl step1 at_step SslBump1
ssl_bump terminate step1
I would expect that if I terminate after step1, the connection to the remote server should never be made. Can anyone help me understand why Squid would still make the outbound connection in this instance?