Dear Squid-Users,
I’m configuring SSL_Bump to decrypt only a specific list of domains and to
splice (pass through encrypted) all others, but I’m seeing non-whitelisted
domains still being decrypted.
### Observed behavior (access log excerpt):
```
26.56.128.144 - - [27/May/2025:18:35:17 +0900] "CONNECT mariadb.org:443 HTTP/1.1" 200 0 TCP_DENIED:HIER_NONE
26.56.128.144 - - [27/May/2025:18:35:17 +0900] "GET https://mariadb.org/donate/ HTTP/1.1" 403 4076 NONE_NONE:HIER_NONE
```
Although CONNECT is supposed to be denied at step1, Squid first responds with
“200 OK” (and presents a self-signed certificate), then the client issues a GET
which finally returns 403.
### My ssl_bump configuration:
```
acl step1 at_step SslBump1
acl bump_domains ssl::server_name "/home/user001/ssl_bump/ssl_bump_domain"
ssl_bump peek step1
ssl_bump splice step2 !bump_domains
ssl_bump bump step2 bump_domains
ssl_bump splice step3 all
```
Could you please advise why non-whitelisted domains are still being bumped and
how to properly prevent this behavior?
Thank you for your assistance.
Best regards,
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
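The symptom in the post can be checked mechanically from access.log. The following is an added example, not code from the original post or from Squid: it flags CONNECTs that were TCP_DENIED yet answered 200, and any full https:// URL logged for a host outside the whitelist (such a URL can only be logged after decryption). The whitelist contents and the two extra log lines are constructed.

```python
"""Audit Squid access.log lines for TLS sessions bumped outside the ssl_bump whitelist."""
import re
from urllib.parse import urlsplit

# Native access.log layout as in the post: client - - [time] "METHOD URL PROTO" status bytes RESULT:HIER
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]+" '
    r'(?P<status>\d{3}) \d+ (?P<result>[^:\s]+):(?P<hier>\S+)$')

def in_bump_list(host, bump_domains):
    """Approximate ssl::server_name file matching: exact name, or '.example.com' covering subdomains."""
    host = host.lower()
    for d in (d.lower() for d in bump_domains):
        if d.startswith(".") and (host == d[1:] or host.endswith(d)):
            return True
        if host == d:
            return True
    return False

def audit_bumps(lines, bump_domains):
    """Return hosts whose CONNECT was TCP_DENIED but answered 200 (the symptom in the
    post), and hosts with a full https:// URL in the log that are not whitelisted:
    Squid can only log such a URL after decrypting the session, so they were bumped."""
    report = {"denied_then_bumped": [], "bumped_outside_list": []}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        if m["method"] == "CONNECT":
            host = m["url"].rsplit(":", 1)[0].lower()
            if m["status"] == "200" and m["result"].startswith("TCP_DENIED"):
                report["denied_then_bumped"].append(host)
        elif m["url"].startswith("https://"):
            host = (urlsplit(m["url"]).hostname or "").lower()
            if not in_bump_list(host, bump_domains):
                report["bumped_outside_list"].append(host)
    return report

# Constructed sample: the two lines from the post, a spliced host (CONNECT/TCP_TUNNEL only) and a whitelisted bumped host.
SAMPLE_LOG = [
    '26.56.128.144 - - [27/May/2025:18:35:17 +0900] "CONNECT mariadb.org:443 HTTP/1.1" 200 0 TCP_DENIED:HIER_NONE',
    '26.56.128.144 - - [27/May/2025:18:35:17 +0900] "GET https://mariadb.org/donate/ HTTP/1.1" 403 4076 NONE_NONE:HIER_NONE',
    '26.56.128.144 - - [27/May/2025:18:36:02 +0900] "CONNECT example.org:443 HTTP/1.1" 200 5120 TCP_TUNNEL:HIER_DIRECT',
    '26.56.128.144 - - [27/May/2025:18:36:40 +0900] "GET https://www.example.com/ HTTP/1.1" 200 1234 TCP_MISS:HIER_DIRECT',
]
BUMP_DOMAINS = [".example.com"]  # constructed stand-in for the ssl_bump_domain file contents
```

Run `audit_bumps(SAMPLE_LOG, BUMP_DOMAINS)` against a real log by reading the file into `lines` and the whitelist file into `bump_domains`.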