[squid-users] Identifying intercepted clients
bpk678 at gmail.com
Sun Apr 3 16:22:53 UTC 2016
with fedora 24 being released in a couple months, haproxy v1.6.x will be
available, and the ability to easily intercept HTTP traffic will be in
the version (see the set-uri directive). with v1.6 i will be able to
rewrite the URL, so that squid can process the request properly. my
problem is that i run authenticated access on the proxy, and will need
to exempt the traffic from that restriction.
what mechanisms can i use to identify the fact that the client traffic
has been intercepted, so that i can create ACLs to match the traffic? i
don't want to use things like IPs or User-Agent strings, as they may
change or be unknown.
i was thinking about sending the intercepted traffic to a different
port, say 3129, and then using localport to identify the traffic. with
an ACL, i would exempt the traffic from auth, etc. are there better
options? how are other folks dealing with intercepted and explicit
traffic on the same box?
More information about the squid-users