Re: [squid-users] Squid 3.5.10 SSL Bump whitelist domains

2015-10-22 Thread Amos Jeffries
On 23/10/2015 3:01 a.m., luizca...@gmail.com wrote:
> Here is the config I am currently using based on your suggestion earlier.
> However it does not start. I have also added some questions to each for
> verification purposes to make sure I am understanding what is actually going
> on.
>
> http

Re: [squid-users] Squid 3.5.10 SSL Bump whitelist domains

2015-10-22 Thread Yuri Voinov
BTW - you omit many important settings from squid.conf.default. Your configuration is so dangerous.
22.10.15 20:01, luizca...@gmail.com wrote:
> Here is the config I am currently using based on your suggestion earlier.
> However it does not start.

Re: [squid-users] Squid 3.5.10 SSL Bump whitelist domains

2015-10-22 Thread Yuri Voinov
Never - I repeat, never! - copy pieces of other people's config if you do not understand what they mean. It is not necessary to engage in copy-paste. With configurations, you need to thoroughly understand what you are doing. net_bump is

Re: [squid-users] Squid 3.5.10 SSL Bump whitelist domains

2015-10-22 Thread luizcasey
Here is the config I am currently using based on your suggestion earlier. However it does not start. I have also added some questions to each for verification purposes to make sure I am understanding what is actually going on. https_port 4827 intercept ssl-bump generate-host-certificates=on dyn

Re: [squid-users] Squid 3.5.10 SSL Bump whitelist domains issue

2015-10-22 Thread Amos Jeffries
On 22/10/2015 7:31 a.m., luizcasey wrote:
> Hello, So what I am trying to accomplish here is to basically have a
> whitelist of domains that is allowed via http/https.
What you have actually configured is a whitelist with MUCH narrower criteria than that.
> If the UID is
> squid,apache, or

Re: [squid-users] Squid 3.5.10 SSL Bump whitelist domains

2015-10-21 Thread luizcasey
Alex, So what do you recommend to do here? I just need a simple whitelist file for both http/https. I have a config that works on 3.4 but would like to upgrade to 3.5 and the current config we have won't cut it. Just need a simple if you are in this list allow if not deny. No need for any ssl v

Re: [squid-users] Squid 3.5.10 SSL Bump whitelist domains

2015-10-21 Thread Alex Rousskov
On 10/21/2015 02:49 PM, Yuri Voinov wrote:
> Working config snippet for 3.5.x looks like this:
>
> ssl_bump peek get_sni_at_step1
> ssl_bump splice spliced_hosts
> ssl_bump bump net_bump
The above config leaves the following question unanswered:
Q: What happens if neither spliced_hosts nor net

Re: [squid-users] Squid 3.5.10 SSL Bump whitelist domains

2015-10-21 Thread Yuri Voinov
Working config snippet for 3.5.x looks like this:
acl get_sni_at_step1 at_step SslBump1
ssl_bump peek get_sni_at_step1
acl spliced_hosts ssl::server_name_regex -i "/usr/local/squid/etc/url.nobump"
ssl_bump splice spliced_hosts
ssl_bump bump net_bu

Re: [squid-users] Squid 3.5.10 SSL Bump whitelist domains

2015-10-21 Thread luizcasey
There really isn’t anything in there right now since I am testing. /etc/squid/git_allowed_domains/allowed_domains" .facebook.com .cnn.com

Re: [squid-users] Squid 3.5.10 SSL Bump whitelist domains

2015-10-21 Thread Yuri Voinov
Show a piece of the allowed_domains file.
22.10.15 2:29, luizca...@gmail.com wrote:
> Could you suggest a configuration that you think should be working? I would
> like both HTTP/HTTPS domains whitelisted via file all other domains blocked. What am

Re: [squid-users] Squid 3.5.10 SSL Bump whitelist domains

2015-10-21 Thread luizcasey
Could you suggest a configuration that you think should be working? I would like both HTTP/HTTPS domains whitelisted via file all other domains blocked. What am I missing? My assumption here is the acl nobumpSites ssl::server_name "/etc/squid/git_allowed_domains/allowed_domains” part is not wo

Re: [squid-users] Squid 3.5.10 SSL Bump whitelist domains

2015-10-21 Thread Yuri Voinov
s I am open for suggestion. This configuration minus the peek/splice part works fine in 3.4.2. Not sure what changed in > 3.5 that causes this to fail. > > >> Date: Thu, 22 Oct 2015 00:59:36 +0600 >> From: Yuri Voinov >> To: squid-users@lists.squid-cache.org >>

Re: [squid-users] Squid 3.5.10 SSL Bump whitelist domains

2015-10-21 Thread luizcasey
: Re: [squid-users] Squid 3.5.10 SSL Bump whitelist domains > issue > Message-ID: <5627e098.1000...@gmail.com> > Content-Type: text/plain; charset="utf-8" > > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > First, you should put in order

Re: [squid-users] Squid 3.5.10 SSL Bump whitelist domains issue

2015-10-21 Thread Yuri Voinov
First, you should put your configurations in order.
22.10.15 0:31, luizca...@gmail.com wrote:
> Hello,
> So what I am trying to accomplish here is to basically have a whitelist of domains that is allowed via http/https. If the UID is squid,apache, or

[squid-users] Squid 3.5.10 SSL Bump whitelist domains issue

2015-10-21 Thread luizcasey
Hello, So what I am trying to accomplish here is to basically have a whitelist of domains that is allowed via http/https. If the UID is squid,apache, or root then basically you will bypass squid and anything is allowed. This was working well on 3.4.2 however once I moved to 3.5.10 it no longer