[squid-users] About SSL peek-n-splice/bump configurations
Amos Jeffries
squid3 at treenet.co.nz
Thu Sep 20 20:47:55 UTC 2018
On 20/09/18 9:35 AM, Donald Muller wrote:
> Amos,
>
> So instead of using squidguard are you saying you should use something like the following?
>
> acl ads dstdomain -i "/etc/squid/squid-ads.acl"
> acl adult dstdomain -i "/etc/squid/squid-adult.acl"
>
*If* those lists contain dstdomain format names. Otherwise, no some
other ACL may be better (dstdom_regex?).
NP: The -i should not be necessary on dstdomain since domain comparsions
are case insensitive and regex are not correct syntax for dstdomain.
Also, as Matus reminded me. I should have said up front this is
something to consider doing - you may decide no to for reasons. One of
which is if those lists are very large the helper can be faster.
> http_access deny ads
> http_access deny adult
>
> Do the lists need to be sorted in alphabetical order?
>
> Don
No. Squid does that. For dstdomain they do need to be reduced so you are
not adding a subdomain like "www.example.com" which overlaps a wildcard
domain like ".example.com" elsewhere in the list.
Amos
More information about the squid-users
mailing list