Sie sind auf Seite 1von 2

10/3/2014

squid : ssl_bump configuration directive

squid-cache.org
Optimising Web Delivery

docs

download

donate

support

about

contact

shop

blog

Search

Squid configuration directive ssl_bump


Available in: 3.HEAD 3.4 3.3 3.2 3.1

search

History:
Changes in 3.3 ssl_bump

Introduction
About Squid Why Squid? Squid Developers How to Donate How to Help Out Getting Squid Squid Source Packages Squid Deployment CaseStudies Squid Software Foundation

New action types none, client-first, server-first. The default is none. Use of allow/deny is now deprecated and they should be removed as soon as possible. To retain the exact same behaviour between 3.3 and older releases replace deny with none, and allow with clientfirst. However an upgrade to server-first is the recommended. NOTE: M ixing of allow/deny with the new action types is prohibited and will cause Squid to exit with a FATAL error. Changes in 3.1 ssl_bump New Access control for which CONNECT requests to an http_port marked with an ssl-bump flag are actually "bumped". Please see the ssl-bump flag of an http_port option for more details about decoding proxied SSL connections. DEFAULT: No requests are bumped. NOCOM M ENT_START # Example: Bump all requests except those originating from localhost and # those going to webax.com or example.com sites. # # acl broken_sites dstdomain .webax.com # acl broken_sites dstdomain .example.com # ssl_bump deny localhost # ssl_bump deny broken_sites # ssl_bump allow all

Documentation
Configuration: Reference Examples FAQ and Wiki Guide Books: Beginners Definitive Non-English M ore...

Configuration Details:
Option Name: Replaces: Requires: Default Value: Suggested Config:
--enable-ssl Does not bump unless rules are present in squid.conf

ssl_bump

Support
Security Advisories Bugzilla Database M ailing lists Contacting us Commercial services Project Sponsors Squid-based products

T h i so p t i o ni sc o n s u l t e dw h e naC O N N E C Tr e q u e s ti sr e c e i v e do n a nh t t p _ p o r t( o ran e wc o n n e c t i o ni si n t e r c e p t e da ta n h t t p s _ p o r t ) ,p r o v i d e dt h a tp o r tw a sc o n f i g u r e dw i t ha ns s l b u m p f l a g .T h es u b s e q u e n td a t ao nt h ec o n n e c t i o ni se i t h e rt r e a t e da s H T T P Sa n dd e c r y p t e dO Rt u n n e l e da tT C Pl e v e lw i t h o u td e c r y p t i o n , d e p e n d i n go nt h ef i r s tb u m p i n g" m o d e "w h i c hA C L sm a t c h .

http://www.squid-cache.org/Doc/config/ssl_bump/

1/2

10/3/2014

squid : ssl_bump configuration directive

Miscellaneous
Developer Resources Related Writings Related Software: Authenticators Ecap Icap Ident Log Analysis M onitor Proxies Redirectors General Squid Artwork

s s l _ b u m p< m o d e >[ ! ] a c l. . . T h ef o l l o w i n gb u m p i n gm o d e sa r es u p p o r t e d : c l i e n t f i r s t A l l o wb u m p i n go ft h ec o n n e c t i o n .E s t a b l i s has e c u r ec o n n e c t i o n w i t ht h ec l i e n tf i r s t ,t h e nc o n n e c tt ot h es e r v e r .T h i so l dm o d e d o e sn o ta l l o wS q u i dt om i m i cs e r v e rS S Lc e r t i f i c a t ea n dd o e s n o tw o r kw i t hi n t e r c e p t e dS S Lc o n n e c t i o n s . s e r v e r f i r s t A l l o wb u m p i n go ft h ec o n n e c t i o n .E s t a b l i s has e c u r ec o n n e c t i o n w i t ht h es e r v e rf i r s t ,t h e ne s t a b l i s has e c u r ec o n n e c t i o nw i t h t h ec l i e n t ,u s i n gam i m i c k e ds e r v e rc e r t i f i c a t e .W o r k sw i t hb o t h C O N N E C Tr e q u e s t sa n di n t e r c e p t e dS S Lc o n n e c t i o n s . n o n e B e c o m eaT C Pt u n n e lw i t h o u td e c o d i n gt h ec o n n e c t i o n . W o r k sw i t hb o t hC O N N E C Tr e q u e s t sa n di n t e r c e p t e dS S L c o n n e c t i o n s .T h i si st h ed e f a u l tb e h a v i o rw h e nn o s s l _ b u m po p t i o ni sg i v e no rn os s l _ b u m pA C L sm a t c h . B yd e f a u l t ,n oc o n n e c t i o n sa r eb u m p e d .

Web Site Translations


Japanese

Mirrors
Website: at eu gr gr il jp nl pl us za ... full list

T h ef i r s tm a t c h i n gs s l _ b u m po p t i o nw i n s .I fn oA C L sm a t c h ,t h e c o n n e c t i o ni sn o tb u m p e d .U n l i k em o s ta l l o w / d e n yA C Ll i s t s ,s s l _ b u m p d o e sn o th a v ea ni m p l i c i t" n e g a t et h el a s tg i v e no p t i o n "r u l e .Y o u m u s tm a k et h a tr u l ee x p l i c i ti fy o uc o n v e r to l ds s l _ b u m pa l l o w / d e n y r u l e st h a tr e l yo ns u c ha ni m p l i c i tr u l e . T h i sc l a u s es u p p o r t sb o t hf a s ta n ds l o wa c lt y p e s . S e eh t t p : / / w i k i . s q u i d c a c h e . o r g / S q u i d F a q / S q u i d A c lf o rd e t a i l s . S e ea l s o :h t t p _ p o r ts s l b u m p ,h t t p s _ p o r ts s l b u m p

FTP Package Archive

#E x a m p l e :B u m pa l lr e q u e s t se x c e p tt h o s eo r i g i n a t i n gf r o m #l o c a l h o s to rt h o s eg o i n gt oe x a m p l e . c o m . a c lb r o k e n _ s i t e sd s t d o m a i n. e x a m p l e . c o m s s l _ b u m pn o n el o c a l h o s t s s l _ b u m pn o n eb r o k e n _ s i t e s s s l _ b u m ps e r v e r f i r s ta l l

Back

$Id: footer .inc,v 1.37 2013/05/09 06:37:55 squidadm Ex p $ Design by Fr ee CSS Templates. Template customisation by Alex Daw son and Adr ian Chadd. Icons fr om "Silk" collection by Mar k James of famfamfam.com All w eb content licensed under Cr eative Commons Attr ibution Shar ealike 2.5 License

http://www.squid-cache.org/Doc/config/ssl_bump/

2/2