On 2/6/19 12:57 PM, Amos Jeffries wrote:
> On 7/02/19 3:52 am, leo messi wrote:
>> My squid config is something like this:
>> acl blk ssl::server_name .google.com
>> http_access deny blk
>> http_access allow all

>> ssl_bump peek step1
>> ssl_bump splice all

>> My problem is when I block some pages like google.com, my Firefox browser
>> shows "secure connection failed", but I want it to show a block page or
>> warning page. How can I do this?


> To cause anything at all to display in the browser you require fully
> decrypting the traffic. 

Correct.


> aka the 'bump' action.

This part is misleading: Modern Squids _automatically_ bump connections
to report [access denied] errors -- no explicit bump action is required
(or even desirable). I do not know whether

* that bumping does not happen for leo (e.g., due to Squid bugs), or

* it does happen, but the browser refuses to show the error page anyway
(because of certificate pinning and/or because Squid did not have enough
information to properly bump the client connection using just step1
knowledge).

A packet capture or an ALL,2 cache.log may distinguish those two cases.

Alex.
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
