<div dir="ltr">
<div>Hi
<span lang="EN-US">Eliezer</span>,</div><div><br></div><div>this is a snippet of my whitelist and no intercept SSL config</div><div><br></div><div>#SSL Interception<br>acl DiscoverSNIHost at_step SslBump1<br>acl NoSSLIntercept ssl::server_name_regex "/usr/local/squid/etc/interceptssl.txt"<br>ssl_bump peek DiscoverSNIHost<br>ssl_bump splice NoSSLIntercept<br>ssl_bump bump all<br>#<br>#SSL Bump<br>http_port 3128 ssl-bump cert=/usr/local/squid/etc/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB<br>sslcrtd_program /usr/local/squid/libexec/security_file_certgen -s /var/lib/ssl_db -M 4MB<br>#<br>#deny up MIME types<br>acl upmime req_mime_type "/usr/local/squid/etc/mimedeny.txt"<br>#<br>#deny URL links<br>acl url_links url_regex "/usr/local/squid/etc/linksurl.txt"<br>#<br>#allow special URL paths<br>acl special_url url_regex "/usr/local/squid/etc/urlspecial.txt"<br>#<br>#deny down MIME types<br>acl downmime rep_mime_type "/usr/local/squid/etc/mimedeny.txt"<br>#<br>http_reply_access allow special_url<br>http_reply_access deny downmime<br>#http_access deny upmime<br>#http_access deny url_links<br>#<br>#HTTP_HTTPS whitelist websites<br>acl whitelist ssl::server_name_regex "/usr/local/squid/etc/urlwhite.txt"<br>#<br>http_access allow activation whitelist<br>http_access deny all</div><div><br></div><div>so basically no SSL interception</div><div><br></div><div>
#SSL Interception<br>acl DiscoverSNIHost at_step SslBump1<br>acl NoSSLIntercept ssl::server_name_regex "/usr/local/squid/etc/interceptssl.txt"<br>ssl_bump peek DiscoverSNIHost<br>ssl_bump splice NoSSLIntercept<br>ssl_bump bump all <br></div><div><br></div><div>and whitelisting</div><div><br></div><div>
#HTTP_HTTPS whitelist websites<br>acl whitelist ssl::server_name_regex "/usr/local/squid/etc/urlwhite.txt" <br></div><div><br></div><div>in both txt files ie</div><div><br></div><div>
/usr/local/squid/etc/interceptssl.txt <br></div><div>
/usr/local/squid/etc/urlwhite.txt <br></div><div><br></div><div>i have a URL that first i have to whitelist and then if i want squid not to inspect the url traffic i put it in the SSL interception (i do this as some websites dont like MITM )</div><div><br></div><div>but even putting the URL in question in both files im still having issues with this website ie its still being detected that its passing through a proxy<br></div><div><br></div><div>thanks,</div><div>rob</div>
</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, 26 Jun 2023 at 23:35, <<a href="mailto:ngtech1ltd@gmail.com">ngtech1ltd@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg-7702170348507608482"><div style="overflow-wrap: break-word;"><div class="m_-7702170348507608482WordSection1"><p class="MsoNormal"><span lang="EN-US">Hey Robert,<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-US">I am not sure what forward proxy setup you have there.<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US">A simple forward proxy?<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US">What tool are you using for whitelisting?<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US">You can use an external <span class="m_-7702170348507608482SpellE">acl</span> helper to allow dynamic updates of the whitelists or<br>to periodic update your lists and reload.<br>It will depend on the size of your lists.<br>What OS are you using for your squid proxy?<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-US">More details will help us help you.<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-US">Eliezer<u></u><u></u></span></p><p class="MsoNormal"><span><u></u> <u></u></span></p><div style="border-color:rgb(225,225,225) currentcolor currentcolor;border-style:solid none none;border-width:1pt medium medium;padding:3pt 0in 0in"><p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> squid-users <<a href="mailto:squid-users-bounces@lists.squid-cache.org" target="_blank">squid-users-bounces@lists.squid-cache.org</a>> <b>On Behalf Of </b>robert k Wild<br><b>Sent:</b> Monday, June 26, 2023 22:25<br><b>To:</b> Squid Users <<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a>><br><b>Subject:</b> [squid-users] make URL bypass squid proxy<u></u><u></u></span></p></div><p class="MsoNormal"><u></u> <u></u></p><div><div><p class="MsoNormal">hi all,<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">i have set up squid for url whitelisting and no intercept SSL (see below)<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal"><a href="https://wiki.squid-cache.org/ConfigExamples/Caching/AdobeProducts" target="_blank">https://wiki.squid-cache.org/ConfigExamples/Caching/AdobeProducts</a><u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">but some websites i want the client to bypass the squid proxy and go straight to the website as i think this is why a url isnt working even when i add the url to both files ie urlwhite and no intercept SSL<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">thanks,<u></u><u></u></p></div><div><p class="MsoNormal">rob<u></u><u></u></p></div><div><p class="MsoNormal"><br><span class="m_-7702170348507608482gmailsignatureprefix">-- </span><u></u><u></u></p><div><div><p class="MsoNormal">Regards, <br><br>Robert K Wild.<u></u><u></u></p></div></div></div></div></div></div></div></blockquote></div><br clear="all"><br><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature"><div dir="ltr">Regards, <br><br>Robert K Wild.<br></div></div>