websafety icon indicating copy to clipboard operation
websafety copied to clipboard

Published 20 hours ago verified publisher icon diladele

Download missing certificate MUST be always on (remove checkbox)

Open ra-at-diladele-com opened this issue 2 years ago • 0 comments

There are no reasons to have it set to off. If this is later required admin can manually change the squid.conf for that.

Note the fetched_certificate transaction initiator MUST be added to ALL exclusions - see #1854. Not sure how to better implement this - it might be needed to add series of denials for the exclusions.

like .. adaptation_access websafety1 deny fetched_certificate adaptation_access websafety2 deny fetched_certificate blabla the same for authentication, decryption, caching etc (although I think we have acl for caching already).

ra-at-diladele-com avatar May 25 '22 07:05 ra-at-diladele-com

We had it for

  • caching
  • authentication

Added to

  • web filter / av

As for the decryption - by the nature of missing cert fetch it is done using plain HTTP - so it never needs to be indicated as exclusion in decryption.

ra-at-diladele-com avatar Aug 31 '22 11:08 ra-at-diladele-com

Implemented, need to check.

ra-at-diladele-com avatar Aug 31 '22 14:08 ra-at-diladele-com