[squid-users] SSL_Bump

[Jonathan Lee]

Hello Fellow Squid Users can you please help?

Is there a better way to configure the access control lists?

ssl_bump peek step1
ssl_bump terminate SSL_Intercept_Terminate
miss_access deny no_miss active_use
ssl_bump splice splice_main active_use
ssl_bump bump bump_main active_use
acl activated note active_use true
ssl_bump terminate !activated
ssl_bump server-first all

Peek at step one get the http get request

Terminate the list I have configured (acl not seen)

Do not store any logins or etc (acl not seen)

Splice banks etc sites that ethically need to be spliced always that are used, and some devices that area always spliced iphones cell phones etc

Bump always devices and not the urls seens above they are spliced always.

Create my note as an acl as all ssl_bump items are noted with active_use

Now terminate everything that is not marked active (just a security precaution should the cache get an invasive container or something just a backup.

---> does server-first all need to be included ?

The ssl spice is super fast however bump is somewhat sluggish.

The goal here is to splice specific sites regardless of if it is a bump device or a splice always device,

Splice some devices all the time, and bump some devices all the time.

Thanks for your time.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20250119/19bd5970/attachment.htm>