[squid-users] Dynamically updating iptables ipset to bypass squid.
Eliezer Croitoru
eliezer at ngtech.co.il
Fri Apr 27 00:50:37 UTC 2018
I talked to a developer which uses dnsmasq and it seems to have an option to
add resolved ip addresses into a linux ipset set.
So it is possible to dynamically add IP addresses of domains out of the
proxy interception.
Ideally an ICAP service will be able to see the request and redirect the
client using some 30X code to a request that will not be considered a loop.
And.. by the time the client will is being "redirected(maybe couple times)
the client traffic will no be intercept era at all leaving the OS and the
CPU to spend the right amount of resources.
Elizer
----
Eliezer Croitoru <http://ngtech.co.il/lmgtfy/>
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180427/b1a0e57e/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 11307 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180427/b1a0e57e/attachment-0001.png>
More information about the squid-users
mailing list