[squid-users] make URL bypass squid proxy

robert k Wild robertkwild at gmail.com
Tue Jun 27 20:29:19 UTC 2023 

Ok I've literally commented out "http deny all" so the proxy isn't blocking
anything and allowing everything

http_access allow activation whitelist
#http_access deny all

And still it's not allowing this specific URL to go through the proxy

activate.redshift3d.com

Well it is but it isn't, as it's an activation URL it isn't activating the
app via the proxy, as soon as I pop the pc on the internet, it activates
the app

Any ideas guys?

Thanks,
Rob

On Tue, 27 Jun 2023, 07:36 robert k Wild, <robertkwild at gmail.com> wrote:

> Hi Eliezer,
>
> this is a snippet of my whitelist and no intercept SSL config
>
> #SSL Interception
> acl DiscoverSNIHost at_step SslBump1
> acl NoSSLIntercept ssl::server_name_regex
> "/usr/local/squid/etc/interceptssl.txt"
> ssl_bump peek DiscoverSNIHost
> ssl_bump splice NoSSLIntercept
> ssl_bump bump all
> #
> #SSL Bump
> http_port 3128 ssl-bump cert=/usr/local/squid/etc/ssl_cert/myCA.pem
> generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
> sslcrtd_program /usr/local/squid/libexec/security_file_certgen -s
> /var/lib/ssl_db -M 4MB
> #
> #deny up MIME types
> acl upmime req_mime_type "/usr/local/squid/etc/mimedeny.txt"
> #
> #deny URL links
> acl url_links url_regex "/usr/local/squid/etc/linksurl.txt"
> #
> #allow special URL paths
> acl special_url url_regex "/usr/local/squid/etc/urlspecial.txt"
> #
> #deny down MIME types
> acl downmime rep_mime_type "/usr/local/squid/etc/mimedeny.txt"
> #
> http_reply_access allow special_url
> http_reply_access deny downmime
> #http_access deny upmime
> #http_access deny url_links
> #
> #HTTP_HTTPS whitelist websites
> acl whitelist ssl::server_name_regex "/usr/local/squid/etc/urlwhite.txt"
> #
> http_access allow activation whitelist
> http_access deny all
>
> so basically no SSL interception
>
> #SSL Interception
> acl DiscoverSNIHost at_step SslBump1
> acl NoSSLIntercept ssl::server_name_regex
> "/usr/local/squid/etc/interceptssl.txt"
> ssl_bump peek DiscoverSNIHost
> ssl_bump splice NoSSLIntercept
> ssl_bump bump all
>
> and whitelisting
>
> #HTTP_HTTPS whitelist websites
> acl whitelist ssl::server_name_regex "/usr/local/squid/etc/urlwhite.txt"
>
> in both txt files ie
>
> /usr/local/squid/etc/interceptssl.txt
> /usr/local/squid/etc/urlwhite.txt
>
> i have a URL that first i have to whitelist and then if i want squid not
> to inspect the url traffic i put it in the SSL interception (i do this as
> some websites dont like MITM )
>
> but even putting the URL in question in both files im still having issues
> with this website ie its still being detected that its passing through a
> proxy
>
> thanks,
> rob
>
> On Mon, 26 Jun 2023 at 23:35, <ngtech1ltd at gmail.com> wrote:
>
>> Hey Robert,
>>
>>
>>
>> I am not sure what forward proxy setup you have there.
>>
>> A simple forward proxy?
>>
>> What tool are you using for whitelisting?
>>
>> You can use an external acl helper to allow dynamic updates of the
>> whitelists or
>> to periodic update your lists and reload.
>> It will depend on the size of your lists.
>> What OS are you using for your squid proxy?
>>
>>
>>
>> More details will help us help you.
>>
>>
>>
>> Eliezer
>>
>>
>>
>> *From:* squid-users <squid-users-bounces at lists.squid-cache.org> *On
>> Behalf Of *robert k Wild
>> *Sent:* Monday, June 26, 2023 22:25
>> *To:* Squid Users <squid-users at lists.squid-cache.org>
>> *Subject:* [squid-users] make URL bypass squid proxy
>>
>>
>>
>> hi all,
>>
>>
>>
>> i have set up squid for url whitelisting and no intercept SSL (see below)
>>
>>
>>
>> https://wiki.squid-cache.org/ConfigExamples/Caching/AdobeProducts
>>
>>
>>
>> but some websites i want the client to bypass the squid proxy and go
>> straight to the website as i think this is why a url isnt working even when
>> i add the url to both files ie urlwhite and no intercept SSL
>>
>>
>>
>>
>>
>>
>>
>> thanks,
>>
>> rob
>>
>>
>> --
>>
>> Regards,
>>
>> Robert K Wild.
>>
>
>
> --
> Regards,
>
> Robert K Wild.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20230627/06fb3499/attachment.htm>

More information about the squid-users mailing list