Skip to content

O
OpnSense
Commit f3c35f3f authored by Mikhail Morev's avatar Mikhail Morev Committed by GitHub
Browse files
Options

Update squid.conf for non-transparent SSL bumping 

Copied ssl-bump parameters from https-intercept listeners to usual http listener
parent bd188bd8
Hide whitespace changes
Inline Side-by-side
Showing with 8 additions and 0 deletions
src/opnsense/service/templates/OPNsense/Proxy/squid.conf
View file @ f3c35f3f
......@@ -23,14 +23,22 @@ http_port [::1]:{{ OPNsense.proxy.forward.port }} intercept
{% for interface in OPNsense.proxy.forward.interfaces.split(",") %}
{% for intf_key,intf_item in interfaces.iteritems() %}
{% if intf_key == interface and intf_item.ipaddr != 'dhcp' %}
{% if helpers.exists('OPNsense.proxy.forward.sslbump') and OPNsense.proxy.forward.sslbump == '1' %}
http_port {{intf_item.ipaddr}}:{{ OPNsense.proxy.forward.port }} ssl-bump cert=/var/squid/ssl/ca.pem dynamic_cert_mem_cache_size=10MB generate-host-certificates=on
{% else %}
http_port {{intf_item.ipaddr}}:{{ OPNsense.proxy.forward.port }}
{% endif %}
{% endif %}
{% endfor %}
{# virtual ip's #}
{% if helpers.exists('virtualip') %}
{% for intf_key,intf_item in virtualip.iteritems() %}
{% if intf_item.interface == interface and intf_item.mode == 'ipalias' %}
{% if helpers.exists('OPNsense.proxy.forward.sslbump') and OPNsense.proxy.forward.sslbump == '1' %}
http_port {{intf_item.subnet}}:{{ OPNsense.proxy.forward.port }} ssl-bump cert=/var/squid/ssl/ca.pem dynamic_cert_mem_cache_size=10MB generate-host-certificates=on
{% else %}
http_port {{intf_item.subnet}}:{{ OPNsense.proxy.forward.port }}
{% endif %}
{% endif %}
{% endfor %}
{% endif %}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Technounit-GROUP 2023