[squid-users] destination ip to splice

Eliezer Croitoru eliezer at ngtech.co.il
Tue May 16 00:11:38 UTC 2017


I have a scenario in which I want to disable ssl-bump for specific host IP
network masks.
In this scenario I want to allow all localnet(10.0.0.0/8, 192.168.0.0/16...)
https traffic to be spliced.
I tried to understand from the acl docs if there is such an acl out there but
couldn't understand if it exists.
I am using squid in this scenario as a simple forward proxy and not in
intercept mode.
From the next:
***** ACL TYPES AVAILABLE *****

	acl aclname src ip-address/mask ...	# clients IP address [fast]
	acl aclname src addr1-addr2/mask ...	# range of addresses [fast]
	acl aclname dst [-n] ip-address/mask ...	# URL host's IP address [slow]
	acl aclname localip ip-address/mask ... # IP address the client connected to [fast]

Is there a specific one that can help me with that, or should I use
ssl::server_name_regex :
(^127\.0\.0\.1)|(^192\.168)|(^10\.)|(^172\.1[6-9])|(^172\.2[0-9])|(^172\.3[0-1])

??

In intercept mode I can just use iptables to bypass the interception but in
a forward proxy mode I do not see another option.
This might not be the place, but would there maybe ever be such an option to
bypass squid parsing for specific destinations, i.e. "splice" for special http
requests?

Thanks,
Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il
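
An added example, not part of the original message: a check of which strings the regex quoted in the question matches compared with CIDR membership in the address ranges it appears to target. The `INTENDED` list (loopback host plus the RFC 1918 ranges) and the sample names are assumptions constructed for illustration; the example only evaluates the pattern and does not model which value Squid hands to `ssl::server_name_regex`.

```python
import ipaddress
import re

# Pattern as posted in the message, with the mail line wrap removed.
POSTED = re.compile(
    r"(^127\.0\.0\.1)|(^192\.168)|(^10\.)|(^172\.1[6-9])|(^172\.2[0-9])|(^172\.3[0-1])"
)

# Assumption: the networks the pattern is meant to cover.
INTENDED = [ipaddress.ip_network(n) for n in
            ("127.0.0.1/32", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def regex_match(name: str) -> bool:
    """True when the posted pattern matches the string."""
    return POSTED.search(name) is not None


def cidr_match(name: str) -> bool:
    """True only when the string is an IP literal inside an intended network."""
    try:
        addr = ipaddress.ip_address(name)
    except ValueError:
        return False  # host names are never members of an IP network
    return any(addr in net for net in INTENDED)


def audit(names):
    """Return (name, regex_result, cidr_result) for every disagreement."""
    return [(n, regex_match(n), cidr_match(n))
            for n in names if regex_match(n) != cidr_match(n)]


# Constructed sample destinations.
SAMPLES = [
    "10.1.2.3", "192.168.1.10", "172.20.0.5", "127.0.0.1",  # inside the ranges
    "8.8.8.8", "www.example.com",                           # outside
    "172.160.0.1", "127.0.0.10",     # IP literals that only share a text prefix
    "10.example.com", "192.168.example.net",  # host names, not IP literals
]

if __name__ == "__main__":
    for name, rx, cidr in audit(SAMPLES):
        print(f"{name:22} regex={rx!s:5} cidr={cidr}")
```

Every disagreement in the sample set is a string the unanchored text pattern accepts but that lies outside the intended networks, which is the difference between a prefix regex and a mask-based ACL such as `dst`.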





