[squid-users] Identifying intercepted clients

Brendan Kearney bpk678 at gmail.com
Sun Apr 3 16:22:53 UTC 2016

with fedora 24 being released in a couple months, haproxy v1.6.x will be 
available, and the ability to easily intercept HTTP traffic will be in 
the version (see the set-uri directive).  with v1.6 i will be able to 
rewrite the URL, so that squid can process the request properly.  my 
problem is that i run authenticated access on the proxy, and will need 
to exempt the traffic from that restriction.

what mechanisms can i use to identify the fact that the client traffic 
has been intercepted, so that i can create ACLs to match the traffic?  i 
don't want to use things like IPs or User-Agent strings, as they may 
change or be unknown.

i was thinking about sending the intercepted traffic to a different 
port, say 3129, and then using localport to identify the traffic. with 
an ACL, i would exempt the traffic from auth, etc.  are there better 
options?  how are other folks dealing with intercepted and explicit 
traffic on the same box?



More information about the squid-users mailing list