[squid-users] Identifying intercepted clients

Brendan Kearney bpk678 at gmail.com
Sun Apr 3 16:22:53 UTC 2016


with fedora 24 being released in a couple months, haproxy v1.6.x will be 
available, and the ability to easily intercept HTTP traffic will be in 
the version (see the set-uri directive).  with v1.6 i will be able to 
rewrite the URL, so that squid can process the request properly.  my 
problem is that i run authenticated access on the proxy, and will need 
to exempt the traffic from that restriction.

what mechanisms can i use to identify the fact that the client traffic 
has been intercepted, so that i can create ACLs to match the traffic?  i 
don't want to use things like IPs or User-Agent strings, as they may 
change or be unknown.

i was thinking about sending the intercepted traffic to a different 
port, say 3129, and then using localport to identify the traffic. with 
an ACL, i would exempt the traffic from auth, etc.  are there better 
options?  how are other folks dealing with intercepted and explicit 
traffic on the same box?

thanks,

brendan


More information about the squid-users mailing list