[squid-users] SSL intercept in explicit mode
Antony Stone
Antony.Stone at squid.open.source.it
Sat Apr 14 11:32:50 UTC 2018
On Saturday 14 April 2018 at 13:22:32, MK2018 wrote:
> I had used squid effectively and perfectly for more than a year before I
> could understand (on my own) how to craft an 'allow' or 'deny' line that
> contains all of: source acl, dst acl, connection method, HTTP command, TCP
> port, excluded dst acl, excluded HTTP command! There was no clear and to the
> point instructions on how to order those elements and correctly use them.
https://wiki.squid-cache.org/SquidFaq/SquidAcl
"An access list rule consists of an allow or deny keyword, followed by a list
of ACL element names.
An access list consists of one or more access list rules.
Access list rules are checked in the order they are written. List searching
terminates as soon as one of the rules is a match.
If a rule has multiple ACL elements, it uses AND logic. In other words, all
ACL elements of the rule must be a match in order for the rule to be a match."
"To summarize the ACL logics can be described as: (note: AND/OR below is just
for illustration, not part of the syntax)
http_access allow|deny acl AND acl AND ...
OR
http_access allow|deny acl AND acl AND ...
OR
..."
I thought that makes things quite clear.
https://wiki.squid-cache.org/SquidFaq/SquidAcl#ACL_elements has a
comprehensive list of the things you can check for in ACLs.
Antony.
--
There's a good theatrical performance about puns on in the West End. It's a
play on words.
Please reply to the list;
please *don't* CC me.
More information about the squid-users
mailing list