[squid-users] Peek and splice where SNI not present
Alex Rousskov
rousskov at measurement-factory.com
Sun Oct 6 14:38:25 UTC 2019
On 10/4/19 10:34 PM, washuu wrote:
> ssl_bump peek step1
> ssl_bump splice step2 foo
> ssl_bump terminate step2 bar
FYI: You did not tell Squid what to do when neither foo nor bar ACLs
match during step2. Thus, older Squid will use some hard-to-predict
action, while modern Squids will splice (because a peek action matched
at the previous step). If splicing is the step2 default you want, then
consider making that decision explicit by rewriting this as
ssl_bump peek step1
ssl_bump splice foo
ssl_bump terminate bar
ssl_bump splice all
Alex.
More information about the squid-users
mailing list