In our office, we are using Squid to restrict users to connect only to particular web sites and URLs. If a user is connecting to a web page via HTTPS, the url_regex acl will not work. In an HTTPS request, we have control over the domain only. So, we used ssl bump to intercept the HTTPS requests. It's working fine, but we got some SSL warnings in the browser.

Is it possible to intercept an SSL connection in bump without any browser warnings?

    #acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
    #acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
    #acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
    #acl localnet src fc00::/7 # RFC 4193 local private network range
    #acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
    acl Safe_ports port 1025-65535 # unregistered ports
    acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
    acl trustedDomains dstdomain -i "/etc/squid/trusted_domains.txt"
    acl excludedDomains dstdomain -i "/etc/squid/excluded_domains.txt"
    acl trustedUrls url_regex -i "/etc/squid/allowed_urls.txt"
    # Recommended minimum Access Permission configuration:
    # Only allow cachemgr access from localhost
    # Deny CONNECT to other than secure SSL ports
    # We strongly recommend the following be uncommented to protect innocent
    # web applications running on the proxy server who think the only
    # Example rule allowing access from your local networks.
    # Adapt to list your (internal) IP networks from where browsing
    http_port 3129 ssl-bump cert=/etc/squid/test.crt key=/etc/squid/test.key
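
The point made in the question, that a proxy can filter HTTPS by domain but not by URL unless it bumps the connection, shown as an added example (not part of the original post and not Squid's own code). The policy entries and request lines are constructed, and the two matching functions only approximate dstdomain and url_regex.

```python
import re
from urllib.parse import urlsplit

# Constructed policy for illustration (hypothetical names, not from the post).
ALLOWED_DOMAINS = [".example.com"]  # dstdomain-style: leading dot = subdomains too
ALLOWED_URLS = [re.compile(r"^https?://intranet\.example\.com/wiki/", re.I)]


def parse_request_line(line):
    """Return (method, host, url_text) as a forward proxy sees the request."""
    method, target, _version = line.split()
    method = method.upper()
    if method == "CONNECT":
        # authority-form: only "host:port" is sent before the TLS tunnel starts,
        # so that string is all a URL pattern can be tested against.
        host = urlsplit("//" + target).hostname
    else:
        # absolute-form: plain HTTP via a proxy carries the full URL.
        host = urlsplit(target).hostname
    if not host:
        raise ValueError("unexpected request target: %r" % target)
    return method, host, target


def domain_allowed(host):
    """Approximate dstdomain matching on the destination host name."""
    for entry in ALLOWED_DOMAINS:
        bare = entry.lstrip(".").lower()
        if host == bare or (entry.startswith(".") and host.endswith("." + bare)):
            return True
    return False


def url_allowed(url_text):
    """Approximate url_regex matching on the URL text visible to the proxy."""
    return any(rx.search(url_text) for rx in ALLOWED_URLS)


def evaluate(line):
    method, host, url_text = parse_request_line(line)
    return {"method": method, "host": host, "url_seen": url_text,
            "domain_ok": domain_allowed(host), "url_ok": url_allowed(url_text)}


if __name__ == "__main__":
    for sample in (  # constructed request lines
        "GET http://intranet.example.com/wiki/Home HTTP/1.1",
        "CONNECT intranet.example.com:443 HTTP/1.1",
    ):
        print(evaluate(sample))
```

For the CONNECT line the domain check passes but the URL check cannot, because the path never reaches the proxy in the clear.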