[squid-users] SSL_Bump: Unexpected decryption of non-whitelisted domains

中山稀斗 nakayamakito at icloud.com
Tue May 27 12:47:21 UTC 2025


Dear Squid-Users,

I’m configuring SSL_Bump to decrypt only a specific list of domains and to splice (pass through encrypted) all others, but I’m seeing non-whitelisted domains still being decrypted.

### Observed behavior (access log excerpt):
26.56.128.144 - - [27/May/2025:18:35:17 +0900] "CONNECT mariadb.org:443 HTTP/1.1" 200 0 TCP_DENIED:HIER_NONE
26.56.128.144 - - [27/May/2025:18:35:17 +0900] "GET https://mariadb.org/donate/ HTTP/1.1" 403 4076 NONE_NONE:HIER_NONE

Although CONNECT is supposed to be denied at step1, Squid first responds with “200 OK” (and presents a self-signed certificate), then the client issues a GET, which finally returns 403.

### My ssl_bump configuration:
acl step1 at_step SslBump1
acl bump_domains ssl::server_name "/home/user001/ssl_bump/ssl_bump_domain"

ssl_bump peek step1
ssl_bump splice step2 !bump_domains
ssl_bump bump step2 bump_domains
ssl_bump splice step3 all

Could you please advise why non-whitelisted domains are still being bumped and how to properly prevent this behavior?

Thank you for your assistance.

Best regards,
-------------- next part --------------
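The access-log pattern reported above (a CONNECT logged as TCP_DENIED yet answered with 200, followed by a decrypted GET from the same client to the same host answered with 403 and NONE_NONE) can be picked out of a Squid access log mechanically. The script below is an added example by the editor, not code from the poster or from the Squid project; the log lines it parses are constructed, modelled on the excerpt in the post, and the third line (a plain TCP_TUNNEL CONNECT) is an assumed negative case.

```python
import re

# Constructed sample lines in the same native access-log layout as the excerpt
# in the post. The first two are copied from the excerpt; the third is an assumed
# ordinary spliced tunnel that must NOT be flagged.
SAMPLE_LOG = """\
26.56.128.144 - - [27/May/2025:18:35:17 +0900] "CONNECT mariadb.org:443 HTTP/1.1" 200 0 TCP_DENIED:HIER_NONE
26.56.128.144 - - [27/May/2025:18:35:17 +0900] "GET https://mariadb.org/donate/ HTTP/1.1" 403 4076 NONE_NONE:HIER_NONE
26.56.128.144 - - [27/May/2025:18:36:02 +0900] "CONNECT example.org:443 HTTP/1.1" 200 0 TCP_TUNNEL:HIER_DIRECT
"""

# client ident user [timestamp] "METHOD URL PROTO" status bytes TAG:HIER
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) (?P<tag>[A-Z_]+):(?P<hier>\S+)$'
)


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    ev = m.groupdict()
    ev["status"] = int(ev["status"])
    ev["bytes"] = int(ev["bytes"])
    return ev


def host_of(method, url):
    """Host part of the request target: 'host:port' for CONNECT, the URL host otherwise."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0]
    m = re.match(r"https?://([^/:]+)", url)
    return m.group(1) if m else url


def find_bumped_denials(lines):
    """Return (client, host) pairs where a CONNECT was logged TCP_DENIED but
    answered 200 (the TLS tunnel was still established), and the same client
    then sent a decrypted request to that host which was answered 403 with
    NONE_NONE, i.e. the error page was delivered inside the bumped tunnel."""
    pending = {}   # (client, host) -> the suspicious CONNECT event
    hits = []
    for raw in lines:
        ev = parse_line(raw)
        if ev is None:
            continue
        key = (ev["client"], host_of(ev["method"], ev["url"]))
        if ev["method"] == "CONNECT":
            if ev["tag"] == "TCP_DENIED" and ev["status"] == 200:
                pending[key] = ev
            else:
                # A normal tunnel (e.g. TCP_TUNNEL) resets any earlier suspicion.
                pending.pop(key, None)
        elif key in pending and ev["status"] == 403 and ev["tag"] == "NONE_NONE":
            hits.append(key)
            pending.pop(key)
    return hits


if __name__ == "__main__":
    for client, host in find_bumped_denials(SAMPLE_LOG.splitlines()):
        print(f"denied CONNECT was bumped to serve the error page: {client} -> {host}")
```

Run it against a real access.log by replacing `SAMPLE_LOG.splitlines()` with the file's lines; every pair it prints is a host the client expected to have spliced but actually received a Squid-generated certificate for.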

