Show Posts
1
Web Proxy Filtering and Caching / SSL Bump Client exception
« on: March 23, 2021, 12:00:13 pm »
Hello everybody,
i have managed to get some clients ssl bumped and some others not.
Unfortunately i only got it to work via modifying the squid.conf at the ssl_bump part:
Now i can enter single IPs or IP ranges in the nobumpclients.acl file and everything works as expected! :-)
My question is: Can this be achived in the custom conf folders, too? (pre-auth, auth, post-auth)? I tried but it seems my entries are ignored? Maybe this small addon is worth a commit to the official repo?
Via GUI it would be possible to create the nobumpclients entries in the correspondig file, analogous to the nobumpsites.
Any hints?
Thank You!
Stefan
i have managed to get some clients ssl bumped and some others not.
Unfortunately i only got it to work via modifying the squid.conf at the ssl_bump part:
Code: [Select]
# setup ssl bump acl's
acl bump_step1 at_step SslBump1
acl bump_step2 at_step SslBump2
acl bump_step3 at_step SslBump3
acl bump_nobumpsites ssl::server_name "/usr/local/etc/squid/nobumpsites.acl"
acl bump_nobumpclients src "/usr/local/etc/squid/nobumpclients.acl"
# configure bump
ssl_bump splice bump_nobumpclients
ssl_bump peek bump_step1 all
ssl_bump peek bump_step2 bump_nobumpsites
ssl_bump splice bump_step3 bump_nobumpsites
ssl_bump stare bump_step2
ssl_bump bump bump_step3
Now i can enter single IPs or IP ranges in the nobumpclients.acl file and everything works as expected! :-)
My question is: Can this be achived in the custom conf folders, too? (pre-auth, auth, post-auth)? I tried but it seems my entries are ignored? Maybe this small addon is worth a commit to the official repo?
Via GUI it would be possible to create the nobumpclients entries in the correspondig file, analogous to the nobumpsites.
Any hints?
Thank You!
Stefan