[squid-users] Allow some domains to bypass Squid

Nicolas Kovacs info at microlinux.fr
Sun Mar 11 20:17:18 UTC 2018


Le 11/03/2018 à 19:44, Yuri a écrit :
> It's trivial to implement. Here is my config snippet:
> 
> # SSL bump rules
> acl DiscoverSNIHost at_step SslBump1
> acl NoSSLIntercept ssl::server_name_regex
> "/usr/local/squid/etc/acl.url.nobump"
> ssl_bump peek DiscoverSNIHost
> ssl_bump splice NoSSLIntercept
> ssl_bump bump all
> 
> acl.ur.nobump fragment:
> 
> # Adobe updates (web installation)
> # This requires to splice due to SSL-pinned web-downloader
> (get|platformdl|fpdownload|ardownload[0-9])\.adobe\.com

I gave this configuration a spin on my local proxy, and it works great,
without special firewall rules.

Thanks very much! You made my day!

Niki

-- 
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Site : https://www.microlinux.fr
Blog : https://blog.microlinux.fr
Mail : info at microlinux.fr
Tél. : 04 66 63 10 32


More information about the squid-users mailing list