dynamically apply #73
Comments
|
You can try the Passthrough option (the -P option), globally, per proxyspec, or per filter rule. But it may or may not cover all the error conditions you want. |
That is, there is no dynamic decision-making? Is it possible to implement the following: dynamically add a rule to sslproxy.conf and update it without restarting the service itself (in this case the rule will appear) |
|
On certain ssl errors, the passthrough mode passes those connections through, which can be considered dynamic. |
I don't think this is quite what I'm looking for. I don't need SSLproxy to work only in Passthrough mode, because then it passes ALL traffic, I need to pass specific traffic, but which is UNKNOWN until that traffic itself is received. I hope you could understand me Do you think restarting the config is possible without turning off the service? It’s logical that I’ll do this function myself. |
|
and I want to process the rest of the traffic as before, via the SSL protocol. |
|
No, Passthrough mode does not work like that, it passes the connection through on error (something like fail-open). |
I don’t understand what kind of errors this happens. could you describe the list to me? |
|
For example, it happens on SSL errors while connecting to server. |
Can I dynamically apply a decision to problematic traffic about what to do with it (accept/drop)? Possibly using Pass rules from sslproxy.conf
Let’s say an error occurred with some traffic while the program was running, I want to decide what to do with the problematic traffic, let it pass without decrypting it or drop it
It is worth clarifying that it is not known in advance what kind of traffic it will be, and also that I do not want to let ALL traffic through without decryption, etc.
thx
The text was updated successfully, but these errors were encountered: