[squid-users] 3.5.8 intercept Whitelist http&https
Бараблин Дмитрий
d.barablin at nnov.volga.rt.ru
Thu Oct 15 06:25:36 UTC 2015
Hello all!
I'm trying to configure Squid 3.5.8 as an intercepting proxy with whitelist ACLs on
HTTP and HTTPS.
Here is my config:
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl whitelist dstdom_regex -i "/etc/squid/whitelist"
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
dns_nameservers 8.8.8.8
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
acl whitelist_ssl ssl::server_name_regex -i "/etc/squid/whitelist_ssl"
http_port 10.0.0.185:3128 intercept
http_port 10.0.0.185:3130
https_port 10.0.0.185:3129 intercept ssl-bump options=ALL:NO_SSLv3:NO_SSLv2 connection-auth=off cert=/etc/squid/squidCA.pem
always_direct allow all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump splice whitelist_ssl
ssl_bump peek whitelist_ssl
ssl_bump terminate all
This config works nicely with HTTPS sites, but HTTP is not filtered. When I
added "http_access allow localnet whitelist", it stops all sites.
whitelist and whitelist_ssl: both files have some contents such as
\.google-analytics\.com
\.googleapis\.com
\.google\.com
\.googleusercontent\.com
\.gstatic\.com
Please tell me what I'm doing wrong!
--
WBR, Dmitry Barablin
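
An added example, not part of the original post: a check of how the whitelist patterns shown above behave as unanchored regexes, next to an anchored rewrite. It assumes Python's re.search stands in for Squid's regex matching (the patterns use only syntax common to both); the hostnames and the anchor() helper are constructed for illustration.

```python
import re

# Patterns copied from the whitelist contents shown in the post.
WHITELIST = [
    r"\.google-analytics\.com",
    r"\.googleapis\.com",
    r"\.google\.com",
    r"\.googleusercontent\.com",
    r"\.gstatic\.com",
]

def matches(patterns, host):
    """Unanchored, case-insensitive search, as a regex ACL with -i does."""
    return any(re.search(p, host, re.IGNORECASE) for p in patterns)

def anchor(pattern):
    """Hypothetical helper: turn '\\.example\\.com' into '(^|\\.)example\\.com$'
    so the pattern matches the domain itself and its subdomains only."""
    body = pattern[2:] if pattern.startswith(r"\.") else pattern
    return r"(^|\.)" + body.rstrip("$") + "$"

def audit(patterns, hosts):
    """Return {host: (allowed_as_written, allowed_when_anchored)}."""
    anchored = [anchor(p) for p in patterns]
    return {h: (matches(patterns, h), matches(anchored, h)) for h in hosts}

# Constructed sample hostnames (not from the post).
SAMPLE_HOSTS = [
    "www.google.com",              # subdomain: allowed either way
    "google.com",                  # bare domain: missed, no leading dot
    "www.google.com.example.net",  # whitelisted name is only a substring
    "WWW.GSTATIC.COM",             # -i makes matching case-insensitive
    "example.org",                 # unrelated host
]

if __name__ == "__main__":
    for host, (as_written, anchored) in audit(WHITELIST, SAMPLE_HOSTS).items():
        print(f"{host:30} as written: {as_written!s:5}  anchored: {anchored}")
```

The rows where the two columns differ show what the list allows or misses as written: the bare domain is not matched, and a hostname that merely contains a whitelisted name is.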