Re: [squid-users] SSL_bump and source IP

2017-02-02 Thread Eliezer Croitoru
-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of FredB Sent: Thursday, February 2, 2017 1:38 PM Cc: squid-users@lists.squid-cache.org Subject: Re: [squid-users] SSL_bump and source IP Thanks Eliezer Unfortunately my "lan" is huge, many thousands of people, and MAC

Re: [squid-users] SSL_bump and source IP

2017-02-02 Thread FredB
> > acl tls_s1_connect at_step SslBump1 > > acl tls_vip_usersfill-in-your-details > > ssl_bump splicetls_vip_users # do not peek/bump vip users > ssl_bump peek tls_s1_connect # peek at connections of other > users > ssl_bump stare all#

Re: [squid-users] SSL_bump and source IP

2017-02-02 Thread Marcus Kool
The terminology may be confusing: ssl_bump means more or less "looking at HTTPS traffic" ssl_bump splice means "do not bump/intercept HTTPS traffic. No fake CA certificates are used" ssl_bump bumpmeans "bump/intercept HTTPS traffic and use a fake CA certificate" So the question is

Re: [squid-users] SSL_bump and source IP

2017-02-02 Thread Odhiambo Washington
I am with you on this. Unfortunately, the way a certain subject turns out not easy for someone in school, so does ssl_bump to me! On 2 February 2017 at 14:37, FredB wrote: > Thanks Eliezer > > Unfortunately my "lan" is huge, many thousands of people, and MAC > addresses are

Re: [squid-users] SSL_bump and source IP

2017-02-02 Thread FredB
Thanks Eliezer Unfortunately my "lan" is huge, many thousands of people, and MAC addresses are not known I'm very surprised, I'm alone with this ? Nobody needs to exclude some users from SSLBump ? Fredb ___ squid-users mailing list

Re: [squid-users] SSL_bump and source IP

2017-02-02 Thread Eliezer Croitoru
users-boun...@lists.squid-cache.org] On Behalf Of FredB Sent: Thursday, February 2, 2017 10:03 AM To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] SSL_bump and source IP So how I can manage computers without my CA ? (eg: laptop temporary connected) In my situation I have

Re: [squid-users] SSL_bump and source IP

2017-02-02 Thread FredB
So how I can manage computers without my CA ? (eg: laptop temporary connected) In my situation I have also some smartphones in some case, connected to my squids, how I can exclude them from SSLBump ? I have already some ACL based on authentication (user azerty = with/without some rules)

Re: [squid-users] SSL_bump and source IP

2017-01-11 Thread Amos Jeffries
On 12/01/2017 1:04 a.m., FredB wrote: > >> but not all requests from a specific source > >> what do you mean here? > > I mean no ssl-bump at all for a specific user, no matter the destinations > I tried some acl without success At the time of bumping Squid has no idea what a "user" is and

Re: [squid-users] SSL_bump and source IP

2017-01-11 Thread FredB
> but not all requests from a specific source > what do you mean here? I mean no ssl-bump at all for a specific user, no matter the destinations I tried some acl without success >>, maybe because I'm using x-forwarded ? > x-forwarded-for has nothing to do with this There is a known bug with

Re: [squid-users] SSL_bump and source IP

2017-01-11 Thread Matus UHLAR - fantomas
On 11.01.17 11:37, FredB wrote: I'm searching a way to exclude an user (account) or an IP from my lan I can exclude a destination domain to decryption with SSL_bump simply define an ACL and deny bumping it. but not all requests from a specific source what do you mean here? , maybe

[squid-users] SSL_bump and source IP

2017-01-11 Thread FredB
Hello, I'm searching a way to exclude an user (account) or an IP from my lan I can exclude a destination domain to decryption with SSL_bump but not all requests from a specific source, maybe because I'm using x-forwarded ? Thanks Fred ___