1
17.1 Legacy Series / Proxy Squid - Splice All
« on: July 14, 2017, 03:00:20 pm »
Hallo all...
In Squid 3.5 it is possible to handle a TLS connection with splice all. In this case squid opens a TCP tunnel without decoding the connection. In squidguard (I know opnsense don't use squidguard) it is possible to block these connection with a blacklist (for example shallalist) like every html connection. If I tick Log SNI information only i can see in /usr/local/etc/squid/squid.conf that this is not the splice all action. Is there a way to block https connection without decoding the connection?
Thx.
In Squid 3.5 it is possible to handle a TLS connection with splice all. In this case squid opens a TCP tunnel without decoding the connection. In squidguard (I know opnsense don't use squidguard) it is possible to block these connection with a blacklist (for example shallalist) like every html connection. If I tick Log SNI information only i can see in /usr/local/etc/squid/squid.conf that this is not the splice all action. Is there a way to block https connection without decoding the connection?
Thx.