Re: [squid-users] where to put my own rules

2021-07-27 Thread robert k Wild
Thanks Amos

On Tue, 27 Jul 2021, 13:57 ,  wrote:

> On 2021-07-28 00:25, robert k Wild wrote:
> > is it best to put my "ssl bump" and "no ssl interception" rules under
> >
> > # Recommended minimum Access Permission configuration:
> >
> > or
> >
> > # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
> >
>
> Both of the above comments are about the ordering of http_access lines.
> It is just a matter of convenience to put other directives custom config
> there as well.
>
> The rules you are asking about do not (currently) matter where they go
> in regard to *placement*. What matters for them is their *order* is
> correct for what needs to be achieved.
>
> Amos
>
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>


Re: [squid-users] where to put my own rules

2021-07-27 Thread squid3

On 2021-07-28 00:25, robert k Wild wrote:

is it best to put my "ssl bump" and "no ssl interception" rules under

# Recommended minimum Access Permission configuration:

or

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS



Both of the above comments are about the ordering of http_access lines.
It is just a matter of convenience to put other directives custom config 
there as well.


The rules you are asking about do not (currently) matter where they go 
in regard to *placement*. What matters for them is their *order* is 
correct for what needs to be achieved.


Amos



[squid-users] where to put my own rules

2021-07-27 Thread robert k Wild
is it best to put my "ssl bump" and "no ssl interception" rules under

# Recommended minimum Access Permission configuration:

or

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

#SSL Bump
http_port 3128 ssl-bump cert=/usr/local/squid/etc/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
sslcrtd_program /usr/local/squid/libexec/security_file_certgen -s /var/lib/ssl_db -M 4MB
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all

#NO SSL Interception
acl DiscoverSNIHost at_step SslBump1
acl NoSSLIntercept ssl::server_name "/usr/local/squid/etc/pubkey.txt"
ssl_bump splice NoSSLIntercept
ssl_bump peek DiscoverSNIHost
ssl_bump bump all

thanks,
rob

-- 
Regards,

Robert K Wild.
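
Added example (not part of the original thread and not Squid's own code): a simplified Python model of first-match ssl_bump evaluation, run over the rules as posted above and over one possible reordering, to show why their order matters. The host names, the stand-in for the contents of pubkey.txt, and the assumption that the server name is already known from the CONNECT request are constructed for illustration.

```python
# Simplified model of ssl_bump rule evaluation (added example, not Squid code).
# Assumption: forward proxy, so the server name is known from CONNECT at step 1.
FINAL = {"splice", "bump", "terminate"}   # these actions end rule processing
NOT_AT_STEP3 = {"peek", "stare"}          # impossible at SslBump3, so skipped
NO_INTERCEPT = {"bank.example"}           # constructed stand-in for pubkey.txt

ACLS = {
    "all": lambda step, host: True,
    "step1": lambda step, host: step == 1,
    "DiscoverSNIHost": lambda step, host: step == 1,
    "NoSSLIntercept": lambda step, host: host in NO_INTERCEPT,
}

AS_POSTED = """
ssl_bump peek step1
ssl_bump bump all
ssl_bump splice NoSSLIntercept
ssl_bump peek DiscoverSNIHost
ssl_bump bump all
"""

# One possible ordering, assuming the goal is: splice listed hosts, bump the rest.
REORDERED = """
ssl_bump peek step1
ssl_bump splice NoSSLIntercept
ssl_bump bump all
"""

def parse(conf):
    """Return [(action, acl_name)] for each ssl_bump line, in file order."""
    rows = (line.split() for line in conf.splitlines())
    return [(w[1], w[2]) for w in rows if len(w) == 3 and w[0] == "ssl_bump"]

def decide(rules, host):
    """Walk SslBump1..3; at each step the first matching, possible rule wins."""
    trace = []
    for step in (1, 2, 3):
        for action, acl in rules:
            if step == 3 and action in NOT_AT_STEP3:
                continue
            if ACLS[acl](step, host):
                trace.append(action)
                if action in FINAL:
                    return trace
                break
        else:
            break  # nothing matched; Squid's default action is not modelled
    return trace
```

With the rules as posted, `ssl_bump bump all` is the first match at step 2 for every connection, so the later splice rule is never reached; in the reordered set the listed host is spliced and everything else is bumped.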