[squid-users] Allow some domains to bypass Squid
Yuri
yvoinov at gmail.com
Sun Mar 11 20:24:25 UTC 2018
You're welcome ;)
This config works several years on my servers :)
12.03.2018 02:17, Nicolas Kovacs пишет:
> Le 11/03/2018 à 19:44, Yuri a écrit :
>> It's trivial to implement. Here is my config snippet:
>>
>> # SSL bump rules
>> acl DiscoverSNIHost at_step SslBump1
>> acl NoSSLIntercept ssl::server_name_regex
>> "/usr/local/squid/etc/acl.url.nobump"
>> ssl_bump peek DiscoverSNIHost
>> ssl_bump splice NoSSLIntercept
>> ssl_bump bump all
>>
>> acl.ur.nobump fragment:
>>
>> # Adobe updates (web installation)
>> # This requires to splice due to SSL-pinned web-downloader
>> (get|platformdl|fpdownload|ardownload[0-9])\.adobe\.com
> I gave this configuration a spin on my local proxy, and it works great,
> without special firewall rules.
>
> Thanks very much! You made my day!
>
> Niki
>
--
"C++ seems like a language suitable for firing other people's legs."
*****************************
* C++20 : Bug to the future *
*****************************
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: OpenPGP digital signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180312/c5027de5/attachment.sig>
More information about the squid-users
mailing list