Hi all, before I continue, so sorry for the stupid question but trying to learn.

Basically here's my squid.conf:

#NO SSL Interception
acl DiscoverSNIHost at_step SslBump1
acl NoSSLIntercept ssl::server_name "/usr/local/squid/etc/nointerceptssl.txt"
ssl_bump splice NoSSLIntercept
ssl_bump peek DiscoverSNIHost
ssl_bump bump all

#SSL Bump
http_port 3128 ssl-bump cert=/usr/local/squid/etc/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
sslcrtd_program /usr/local/squid/libexec/security_file_certgen -s /var/lib/ssl_db -M 4MB
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all

#
#allow special URL paths
acl special_url url_regex "/usr/local/squid/etc/urlspecial.txt"

#deny MIME types
acl mimetype rep_mime_type "/usr/local/squid/etc/mimedeny.txt"
http_reply_access allow special_url
http_reply_access deny mimetype

#
#HTTP_HTTPS whitelist websites
acl whitelist ssl::server_name "/usr/local/squid/etc/urlwhite.txt"

#HTTP_HTTPS whitelist websites regex
acl whitelistreg ssl::server_name_regex "/usr/local/squid/etc/urlregwhite.txt"

http_access allow activation whitelist
http_access allow activation whitelistreg
http_access deny all

In my urlwhitelist is this:

#apple app store
.p18-buy.itunes.apple.com
.gsas.apple.com
.se-edge.itunes.apple.com
.ocsp2.apple.com
.gsa.apple.com
.osxapps.itunes.apple.com
.xp.apple.com
.search.itunes.apple.com
.apptrailers-ssl.itunes.apple.com
.apptrailers.itunes.apple.com
.configuration.apple.com
.amp-api.apps.apple.com
.buy.itunes.apple.com
.api-edge.apps.apple.com
.play.itunes.apple.com
.s.mzstatic.com
.sf-api-token-service.itunes.apple.com
.apps.mzstatic.com
.init.itunes.apple.com
.bag.itunes.apple.com

In my nointerceptssl is this:

#apple app store
.bag.itunes.apple.com
.apps.mzstatic.com
.play.itunes.apple.com
.api-edge.apps.apple.com
.amp-api.apps.apple.com
.xp.apple.com
.p18-buy.itunes.apple.com

I got all the URLs etc. by looking at tail -f access.log and grepping the IP and tcp denied.

But when I try to load the Apple App Store, the whitelist isn't enough; I need to add a couple of URLs to the nointerceptssl.

I got that list by doing the same method, i.e. looking at tail -f access.log and grepping the IP, but as I've already whitelisted the URLs they all came back as none or ok instead of saying tcp denied.

My question is: why do I need to add some URLs to the nointerceptssl, and why isn't it enough just to add it to the urlwhite list?

rob

--
Regards,

Robert K Wild.
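In the posted configuration, urlwhite.txt is consulted only by http_access and nointerceptssl.txt only by ssl_bump, so the two lists feed separate decisions. As an added example (not part of the original post and not Squid's own code), this Python script classifies a server name by the posted rule that decides it; it assumes the undefined "activation" ACL always matches and models only the leading-dot domain matching of ssl::server_name.

```python
# Added example, not from the post: models which posted rule decides a host.
# Assumption: the undefined "activation" ACL always matches.

# Lists copied from the post (the real files hold one entry per line).
URLWHITE = """
#apple app store
.p18-buy.itunes.apple.com .gsas.apple.com .se-edge.itunes.apple.com
.ocsp2.apple.com .gsa.apple.com .osxapps.itunes.apple.com .xp.apple.com
.search.itunes.apple.com .apptrailers-ssl.itunes.apple.com
.apptrailers.itunes.apple.com .configuration.apple.com
.amp-api.apps.apple.com .buy.itunes.apple.com .api-edge.apps.apple.com
.play.itunes.apple.com .s.mzstatic.com
.sf-api-token-service.itunes.apple.com .apps.mzstatic.com
.init.itunes.apple.com .bag.itunes.apple.com
"""
NOINTERCEPT = """
#apple app store
.bag.itunes.apple.com .apps.mzstatic.com .play.itunes.apple.com
.api-edge.apps.apple.com .amp-api.apps.apple.com .xp.apple.com
.p18-buy.itunes.apple.com
"""

def load(text):
    """Parse an ACL file body: '#' starts a comment, entries are tokens."""
    return [tok.lower() for line in text.splitlines()
            for tok in line.split("#", 1)[0].split()]

def matches(host, entries):
    """'.example.com' matches the domain and its subdomains; no dot = exact."""
    host = host.lower().rstrip(".")
    return any(host == e[1:] or host.endswith(e) if e.startswith(".")
               else host == e for e in entries)

WHITE, SPLICE = load(URLWHITE), load(NOINTERCEPT)

def classify(host):
    if not matches(host, WHITE):
        return "denied"            # http_access deny all
    if matches(host, SPLICE):
        return "allowed, spliced"  # ssl_bump splice NoSSLIntercept
    return "allowed, bumped"       # ssl_bump bump all

def bumped_whitelist():
    """Whitelisted names that still get a certificate generated from myCA.pem."""
    return sorted(e.lstrip(".") for e in WHITE
                  if classify(e.lstrip(".")) == "allowed, bumped")

if __name__ == "__main__":
    for name in bumped_whitelist():
        print(name, "->", classify(name))
```

Every name reported as "allowed, bumped" passes http_access but is still served a certificate generated from myCA.pem, because whitelisting a host does not exempt it from `ssl_bump bump all`.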