[squid-users] squid http & https intercept based on DNS server

Steve Hill steve at opendium.com
Thu Nov 12 12:12:54 UTC 2015

On 12/11/15 12:08, James Lay wrote:

> Some applications (I'm thinking mobile apps) may or may not use a
> hostname...some may simply connect to an IP address, which makes control
> over DNS irrelevant at that point.  Hope that helps.

Also, redirecting all the DNS records to Squid will break everything 
that isn't http/https since there will be nothing on the squid server to 
handle that traffic.

It doesn't sound like a great idea to me - why not just redirect 
http/https traffic at the gateway (TPROXY) instead of mangling DNS?

  - Steve Hill
    Technical Director
    Opendium Limited     http://www.opendium.com

Direct contacts:
    Instant messager: xmpp:steve at opendium.com
    Email:            steve at opendium.com
    Phone:            sip:steve at opendium.com

Sales / enquiries contacts:
    Email:            sales at opendium.com
    Phone:            +44-1792-824568 / sip:sales at opendium.com

Support contacts:
    Email:            support at opendium.com
    Phone:            +44-1792-825748 / sip:support at opendium.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: steve.vcf
Type: text/x-vcard
Size: 283 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20151112/43ac0525/attachment.vcf>

More information about the squid-users mailing list