[squid-users] SSLBUMP for specific domains

andre.bolinhas at articatech.com andre.bolinhas at articatech.com
Thu Jan 12 21:03:14 UTC 2023 

Hi Amos
Thansk for your quick reply, I have done it as example but now, even the internet surf is ok for all website I get to many TCP_TUNNEL/500  on access.log for all  websites that we are not decrypting

1673531433.924  31315 192.168.60.30 TCP_TUNNEL/500 4096 CONNECT sapo.pt:443 - HIER_DIRECT/213.13.146.142:443 - mac="d6:8b:66:2a:9b:92" accessrule:%20ntlm_white_dstdomain%0D%0Awebfilter:%20pass%0D%0Acategory:%203%0D%0Acategory-name:%20Society%0D%0Aclog:%20cinfo:3-Society;%0D%0A exterr="-|- splice"
1673531433.933  31324 192.168.60.30 TCP_TUNNEL/500 4695 CONNECT sapo.pt:443 - HIER_DIRECT/213.13.146.142:443 - mac="d6:8b:66:2a:9b:92" accessrule:%20ntlm_white_dstdomain%0D%0Awebfilter:%20pass%0D%0Acategory:%203%0D%0Acategory-name:%20Society%0D%0Aclog:%20cinfo:3-Society;%0D%0A exterr="-|- splice"
1673531437.798  35024 192.168.60.30 TCP_TUNNEL/500 76572 CONNECT www.sapo.pt:443 - HIER_DIRECT/213.13.146.142:443 - mac="d6:8b:66:2a:9b:92" accessrule:%20ntlm_white_dstdomain%0D%0Awebfilter:%20pass%0D%0Acategory:%203%0D%0Acategory-name:%20Society%0D%0Aclog:%20cinfo:3-Society;%0D%0A exterr="-|- splice"


-----Mensagem original-----
De: squid-users <squid-users-bounces at lists.squid-cache.org> Em Nome De Amos Jeffries
Enviada: 12 de janeiro de 2023 19:13
Para: squid-users at lists.squid-cache.org
Assunto: Re: [squid-users] SSLBUMP for specific domains

On 13/01/2023 6:37 am, andre.bolinhas wrote:
>
> Hi
>
> It’s possible configure squid to intercept ssl traffic just for a 
> group of domain and leave the all of rest out of ssl interceptation?
>

Yes, with one caveat: that Squid is able to identify the domain/server to make the decision.

> If so, can you send me an example of config?
>
> I have try search for this on Google and in forums but I just find 
> config to intercept all.
>

You will find a simple example here:
<https://wiki.squid-cache.org/Features/SslPeekAndSplice#peek-at-sni-and-bump>


Amos

_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

More information about the squid-users mailing list