[squid-users] Allow some domains to bypass Squid
Nicolas Kovacs
info at microlinux.fr
Sun Mar 11 08:33:07 UTC 2018
Le 11/03/2018 à 09:24, Amos Jeffries a écrit :
> What you need to start with is switch your thinking from "domains" to
> considering things in terms of connections and individual servers. Since
> "domain" is a URL concept, and URLs are all hidden inside the encrypted
> part of the traffic there is no knowing what that really is until after
> decryption.
>
> However when dealing with servers and connections, the connections TLS
> SNI can tell you which *server* a client is connecting to and you can
> decide to do the splice action based on which servers you are having
> trouble with (not domains).
>
> Or better yet, decide even earlier in your NAT system not to send that
> traffic to the proxy at all.
I'm sorry, but I don't understand what you're saying.
Here's what I want, It's very simple.
Create a text file that contains a list of domains. For example:
google.com
hotmail.com
github.com
credit-cooperatif.fr
And then all connections that go to anyone of these domains don't get
cached, but simply pass through Squid.
Thanks,
Niki
--
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Site : https://www.microlinux.fr
Blog : https://blog.microlinux.fr
Mail : info at microlinux.fr
Tél. : 04 66 63 10 32
More information about the squid-users
mailing list