[squid-users] Whitelist ONLY exception isn't working correctly
Amos Jeffries
squid3 at treenet.co.nz
Mon May 14 00:50:50 UTC 2018
On 14/05/18 12:35, Alex Rousskov wrote:
> On 05/13/2018 06:15 PM, Martin Hanson wrote:
>
>> # THIS ISN'T WORKING!!!
>> # https://www.ubuntu.com is blocked with "Access Denied" from Squid.
>> http_access allow windows_boxes whitelist
>
> I suspect the request is blocked during SslBump step1 because there is
> not enough information in the fake CONNECT request for ssl::server_name
> to match ubuntu.com. Please keep in mind that ssl::server_name does not
> do (reverse) DNS lookups, and the fake CONNECT request during step1 only
> has an IP address, not a domain name.
>
> One way to test this theory is to (temporary) http_access allow CONNECT
> requests to (ubuntu) IP addresses. Does that get you to SslBump step2,
> where the fake CONNECT usually gets a domain name?
>
Alex:
since you mentioned earlier that the SSL-Bump info based ACLs should
work in following transaction access controls should this work?
acl step1 at_step SslBump1
http_access allow CONNECT step1
Amos
More information about the squid-users
mailing list