Re: [squid-users] ssl-bump mode

From: Jury Bogdanov <mutaliskblr_at_gmail.com>
Date: Tue, 8 Oct 2013 10:35:07 +0300

Thanks for the answers.

To isolate the IPs I need to know all of them. But I don't know all
the IPs. Some domains have a lot of IPs.
Can't Squid resolve the IPs?

2013/10/8 Amos Jeffries <squid3_at_treenet.co.nz>:
> On 8/10/2013 8:07 a.m., Jury Bogdanov wrote:
>>
>> Yeah, you were right. When I replaced
>> ssl_bump server-first vk
>>
>> With
>> ssl_bump server-first all
>> it works. But I can't understand how to fix that. I don't want to bump
>> all connections.
>
>
> That change was just a test to verify Alex's theory was correct.
>
> For the final config you need to find some ACL condition or test that
> matches the traffic you want to match. You can do so with multiple ssl_bump
> lines and/or ACLs if necessary.
>
> The specifics are up to you, but it sounds like you need to isolate the IPs
> for that domain and permit bumping for them as well as for its domain name.
>
> Amos
Received on Tue Oct 08 2013 - 07:35:13 MDT
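
An added example, not taken from the thread or from either poster's configuration: one way to write the selective rule described in the quoted reply, with one ACL on the domain name and one on its destination addresses, followed by an explicit no-bump default. The ACL names, the domain example.com and the 192.0.2.0/24 and 198.51.100.17 addresses are placeholders.

```conf
# squid.conf fragment (Squid 3.3 ssl_bump syntax, as used in this thread).
# All names and addresses below are constructed placeholders.

# Match the site by name, for requests where Squid knows the host name.
acl bump_names dstdomain .example.com

# Match the same site by destination address, for requests that carry
# only an IP. This list has to be kept current as the site's addresses change.
acl bump_addrs dst 192.0.2.0/24
acl bump_addrs dst 198.51.100.17

# ssl_bump lines are evaluated in order and the first match decides.
ssl_bump server-first bump_names
ssl_bump server-first bump_addrs

# Everything else is tunnelled untouched instead of being decrypted.
# This replaces the test rule "ssl_bump server-first all".
ssl_bump none all
```

Running `squid -k parse` after editing checks that the ACL and ssl_bump lines are accepted before the proxy is reconfigured.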
