[squid-users] Allow some domains to bypass Squid
Nicolas Kovacs
info at microlinux.fr
Sun Mar 11 10:54:38 UTC 2018
On 11/03/2018 at 11:17, Amos Jeffries wrote:
> The process is not getting anywhere close to caching being relevant. The
> error you mentioned earlier is in the TLS handshake part of the process.
I've experimented some more, and I have a partial success. Here, I'm
redirecting all HTTPS traffic *except* the one that goes to my bank:
iptables -A PREROUTING -t nat -i $IFACE_LAN -p tcp ! -d www.credit-cooperatif.coop --dport 443 -j REDIRECT --to-port 3129
This works because my bank is hosted on a single IP. As soon as I
replace that with a domain that's hosted on multiple IPs, I get this:
iptables -A PREROUTING -t nat -i $IFACE_LAN -p tcp ! -d www.google.com --dport 443 -j REDIRECT --to-port 3129

# firewall.sh
iptables v1.4.21: ! not allowed with multiple source or destination IP addresses
So my question is: how can I write an iptables rule (or series of rules)
that redirect all traffic to my proxy, *except* the one going to
<list_of_domains> ?
Cheers,
Niki
--
Microlinux - Sustainable IT solutions
7, place de l'église - 30730 Montpezat
Site: https://www.microlinux.fr
Blog: https://blog.microlinux.fr
Mail: info at microlinux.fr
Tel.: 04 66 63 10 32
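The usual way around the "! not allowed with multiple ... addresses" limit is to stop negating in a single rule and instead put the bypass addresses in their own nat chain: one RETURN rule per resolved IP, followed by the REDIRECT, with PREROUTING jumping into that chain for port 443. The script below is an added example, not something from this thread or from the Squid project. It only prints the rules rather than applying them, and it uses a constructed, hard-coded resolver table (RFC 5737 documentation addresses) so it runs offline; the chain name SQUID_HTTPS, the interface default eth0 and the resolver table are all assumptions. On a real gateway you would replace resolve_v4 with a lookup such as `getent ahostsv4 "$domain" | awk '{print $1}' | sort -u` and pipe the output into sh.

```shell
#!/bin/sh
# Added example: build iptables rules that send all LAN HTTPS traffic to the
# Squid intercept port except connections to a list of bypass domains.
set -eu

IFACE_LAN="${IFACE_LAN:-eth0}"   # assumed LAN-side interface
PROXY_PORT="${PROXY_PORT:-3129}" # Squid's https intercept port from the thread
CHAIN="SQUID_HTTPS"              # hypothetical dedicated nat chain

# Constructed resolver table so the example runs offline. In production
# replace the body with a real lookup, e.g.:
#   getent ahostsv4 "$1" | awk '{print $1}' | sort -u
resolve_v4() {
    case "$1" in
        www.credit-cooperatif.coop) echo "192.0.2.10" ;;
        www.google.com) printf '%s\n' 198.51.100.1 198.51.100.2 198.51.100.3 ;;
        *) return 1 ;;
    esac
}

# Print the complete rule set for the bypass domains given as arguments.
# One RETURN per resolved address avoids the multi-address negation problem:
# traffic to a bypass IP leaves the chain untouched, everything else is
# redirected by the final rule.
build_rules() {
    printf 'iptables -t nat -N %s\n' "$CHAIN"
    printf 'iptables -t nat -F %s\n' "$CHAIN"   # idempotent on re-run
    for d in "$@"; do
        resolve_v4 "$d" | while read -r ip; do
            printf 'iptables -t nat -A %s -d %s -m comment --comment "bypass %s" -j RETURN\n' \
                "$CHAIN" "$ip" "$d"
        done
    done
    printf 'iptables -t nat -A %s -j REDIRECT --to-port %s\n' "$CHAIN" "$PROXY_PORT"
    printf 'iptables -t nat -A PREROUTING -i %s -p tcp --dport 443 -j %s\n' \
        "$IFACE_LAN" "$CHAIN"
}

# Number of bypass (RETURN) rules generated; handy for a sanity check before
# loading the rules, e.g. to catch a domain that resolved to nothing.
count_bypass_rules() {
    build_rules "$@" | grep -c -- '-j RETURN'
}

# Usage: print the rules for the two domains from the thread.
build_rules www.credit-cooperatif.coop www.google.com
```

Two caveats a practitioner will want: the RETURN rules are only as current as the resolution at build time, so for CDN-hosted names like www.google.com (which is exactly the case that triggered the error) the script has to be re-run periodically, or the addresses kept in an ipset with a timeout instead of static rules; and the gateway may resolve a name to different addresses than the client did, so a client can still land on the intercept port for a "bypassed" domain. A bank hosted on one stable IP is the easy case for this reason.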