RE: [squid-users] RE: SSLBUMP Issue with SSL websites

From: Muhammad Shehata <m.shehata_at_tedata.net>
Date: Sun, 15 Jul 2012 13:01:38 +0000

Dears,
    Is my question need any clarifications to be included as your response is very apperciated

Best Regards,
Muhammad Shehata

Dears,
Is there anyone can help me in the mentioned error
________________________________________
From: Muhammad Shehata
Sent: Tuesday, July 10, 2012 8:55 AM
To: squid-users_at_squid-cache.org<mailto:squid-users_at_squid-cache.org>
Cc: squid3_at_treenet.co.nz<mailto:squid3_at_treenet.co.nz>
Subject: SSLBUMP Issue with SSL websites

Dears,
hope you all are doing well
    actually I was following the replies on squid users-mail-list about sslbump issues with showing up some websites inline without images or css style sheet
like https://gmail.com and https://facebook.com as I have same issue in version squid 3.1.19, I know that when sslbump is enabled it intercept the CONNECT method and modify it to be GET method that when I used broken sites acl to exclude them however I see that the method is CONNECT for those excluded website not Get as all other bumped sites but it still the same result
1341837646.893 45801 x.x.x.x TCP_MISS/200 62017 CONNECT twitter.com:443 - DIRECT/199.59.150.7

acl broken_sites dstdomain .twitter.com
acl broken_sites dstdomain .facebook.com
ssl_bump deny broken_sites
ssl_bump allow all
http_port 192.168.0.1:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=40MB cert=/etc/pki/tls/certs/sslintercept.crt key=/etc/pki/tls/certs/sslintercept.key
Received on Sun Jul 15 2012 - 13:02:22 MDT

This archive was generated by hypermail 2.2.0 : Sun Jul 15 2012 - 12:00:02 MDT