Re: [squid-users] ssl-bump mode

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 08 Oct 2013 18:02:55 +1300

On 8/10/2013 8:07 a.m., Jury Bogdanov wrote:
> Yeah, you was right. When I replaced
> ssl_bump server-fist vk
>
> With
> ssl_bump server-first all
> it works. But I can't understand how to fix that. I don't want bump
> all connections.

That change was just a test to verify Alex theory was correct.

For the final config you need to find some ACL condition or test that
matches the traffic you want to match. You can do so with mutiple
ssl_bump lines and/or ACLs if necessary.

The specifics are up to you, but it sounds like to need to isolate the
IP's for that domain and permit bumping for them as well as for its
domain name.

Amos
Received on Tue Oct 08 2013 - 05:03:16 MDT

This archive was generated by hypermail 2.2.0 : Tue Oct 08 2013 - 12:00:21 MDT