[squid-users] Identifying intercepted clients
Brendan Kearney
bpk678 at gmail.com
Sun Apr 3 16:22:53 UTC 2016
with fedora 24 being released in a couple months, haproxy v1.6.x will be
available, and the ability to easily intercept HTTP traffic will be in
the version (see the set-uri directive). with v1.6 i will be able to
rewrite the URL, so that squid can process the request properly. my
problem is that i run authenticated access on the proxy, and will need
to exempt the traffic from that restriction.
what mechanisms can i use to identify the fact that the client traffic
has been intercepted, so that i can create ACLs to match the traffic? i
don't want to use things like IPs or User-Agent strings, as they may
change or be unknown.
i was thinking about sending the intercepted traffic to a different
port, say 3129, and then using localport to identify the traffic. with
an ACL, i would exempt the traffic from auth, etc. are there better
options? how are other folks dealing with intercepted and explicit
traffic on the same box?
thanks,
brendan
More information about the squid-users
mailing list