[squid-users] dynamic ACLs

Alex Rousskov rousskov at measurement-factory.com
Thu Apr 16 12:35:34 UTC 2020

On 4/16/20 5:09 AM, Vieri wrote:
> In sslbump tproxy "mode" one cannot authenticate user to limit/allow their access to web content.
> I was thinking however of making a web form with auth within a custom Squid error page. This way a user would "automatically" whitelist a web site and have access to it while the IT dep. would know which user accessed where despite the site being blacklisted.
> From the error page I can tell which ACL is blocking that site so I could create an "exception" ACL for that ACL.
> My question is: can this whitelist or graylist ACL be dynamic without needing to reload Squid, a bit like ipsets with iptables/nftables without the need to reload rules?

Yes, there are several ways to change Squid decisions without
reconfiguring Squid. The simplest one is the "external acl" mechanism:

More information about the squid-users mailing list