[squid-users] Page not accessible when bumped (Cloudflare challenge?)

Beat Zahnd beat.zahnd at gmail.com
Sat Jan 23 12:45:39 UTC 2021


Hi all,

I have Squid 5.0.4 (same behaviour on old 4.x) running a simple SSL-bump setup as described in https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit. 

http_port 3128 ssl-bump cert=/etc/squid/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB tls-dh=/etc/squid/ssl_cert/dhparam.pem
sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/ssl_db -M 4MB
acl step1 at_step SslBump1
acl nobump ssl::server_name "/etc/squid/nobump"
ssl_bump peek step1
ssl_bump splice nobump
ssl_bump bump all

Recently some pages started to not work anymore when bumped one example is https://www.ricardo.ch/de/a/alinghi-reconditionnee-rarete-1155873766/

All browser seem to get stuck wich enormous memory consumption. Seems that some challenge-response is driving them crazy. Seems to be from cloudflare...


What is happening here? Any ideas to get such pages still bumped?

Cheers


More information about the squid-users mailing list