On 22 April 2016 at 13:45, Amos Jeffries <squ...@treenet.co.nz> wrote:
> On 22/04/2016 8:23 p.m., Odhiambo Washington wrote: > > > > Sure, I am really struggling to understand this. I would like to serve > > error pages. A complete example of this would really help. I am thinking, > > based on the two templates you gave and going with the one where squid > > intrudes, that it could be like below, but to be honest I am not sure so > > kindly correct me. > > > > > > acl time_wastage_sites_ssl ssl::server_name .facebook.com .youtube.com > > ssl_bump splice time_wastage_sites_ssl > > ssl_bump stare all > > ssl_bump bump all > > http_access allow time_wastage_sites_ssl privileged-staff > > http_access allow time_wastage_sites_ssl privileged-clients > > http_access allow time_wastage_sites_ssl TIMElunch > > http_access allow time_wastage_sites_ssl TIMEafterhoursAFT > > http_access allow time_wastage_sites_ssl TIMEafterhoursMORN > > http_access allow time_wastage_sites_ssl TIMEsatALLDAY > > http_access allow time_wastage_sites_ssl TIMEsundALLDAY > > http_access deny time_wastage_sites_ssl > > > > In a file called "/etc/squid/tws": > .facebook.com > .youtube.com > > > squid.conf: > acl time_wastage_sites_ssl ssl::server_name "/etc/squid/tws" > acl time_wastage_sites_http dstdomain "/etc/squid/tws" > > acl privileged_traffic any-of \ > privileged-staff privileged-clients \ > TIMElunch TIMEafterhoursAFT TIMEafterhoursMORN \ > TIMEsatALLDAY TIMEsundALLDAY > > http_access allow privileged_traffic > http_access deny time_wastage_sites_http > > ssl_bump splice privileged_traffic time_wastage_sites_ssl > ssl_bump stare all > ssl_bump bump all > > > > You can probably merge the TIME* ACLs down as well like: > # lunch > acl okay_times time ... > # afterhours PM > acl okay_times time ... > # afterhours AM > acl okay_times time ... > # Saturday and Sunday all day > acl okay_times time SA > > Amos > > Quoting Alex: " If you want Squid to not intrude except when terminating prohibited traffic, then start with this sketch: > ssl_bump terminate prohibited_traffic > ssl_bump peek all > ssl_bump splice all " So is it possible to achieve such a non-intrusive setup, but without 'terminate'? -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft."
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users