[squid-users] About SSL peek-n-splice/bump configurations

Amos Jeffries squid3 at treenet.co.nz
Thu Sep 20 20:47:55 UTC 2018


On 20/09/18 9:35 AM, Donald Muller wrote:
> Amos,
> 
> So instead of using squidguard are you saying you should use something like the following?
> 
> acl ads dstdomain -i "/etc/squid/squid-ads.acl"
> acl adult dstdomain -i "/etc/squid/squid-adult.acl"
> 

*If* those lists contain dstdomain format names. Otherwise, no, some
other ACL may be better (dstdom_regex?).

NP: The -i should not be necessary on dstdomain since domain comparisons
are case insensitive and regex are not correct syntax for dstdomain.

Also, as Matus reminded me, I should have said up front this is
something to consider doing - you may decide not to for reasons. One of
which is if those lists are very large the helper can be faster.


> http_access deny ads
> http_access deny adult
> 
> Do the lists need to be sorted in alphabetical order?
> 
> Don

No. Squid does that. For dstdomain they do need to be reduced so you are
not adding a subdomain like "www.example.com" which overlaps a wildcard
domain like ".example.com" elsewhere in the list.

Amos
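
The list reduction described in the reply above, as an added example that is not part of the original message or of Squid itself: it drops dstdomain entries already covered by a wildcard entry such as ".example.com" elsewhere in the list. The function name and the sample list are constructed for illustration.

```python
def reduce_dstdomain(lines):
    """Return (kept, dropped) for a dstdomain list.

    dropped holds (entry, covering_wildcard) pairs. A leading-dot entry
    such as ".example.com" covers example.com and every subdomain of it.
    """
    entries, seen = [], set()
    for raw in lines:
        name = raw.strip().lower()  # domain comparisons are case insensitive
        if not name or name.startswith("#") or name in seen:
            continue  # skip blanks, comment lines and exact duplicates
        seen.add(name)
        entries.append(name)

    wildcards = {e[1:] for e in entries if e.startswith(".")}
    kept, dropped = [], []
    for entry in entries:
        labels = entry.lstrip(".").split(".")
        # A wildcard is only checked against its parent domains; an exact
        # host is also checked against a wildcard of the same name.
        start = 1 if entry.startswith(".") else 0
        parents = (".".join(labels[i:]) for i in range(start, len(labels)))
        cover = next((p for p in parents if p in wildcards), None)
        if cover is None:
            kept.append(entry)
        else:
            dropped.append((entry, "." + cover))
    return kept, dropped


# Constructed sample list, not taken from any real blocklist.
SAMPLE = [
    "# constructed sample",
    ".example.com",
    "www.example.com",
    "WWW.Example.com",
    "ads.example.net",
    ".tracker.example.net",
    "cdn.tracker.example.net",
    "example.org",
]

if __name__ == "__main__":
    kept, dropped = reduce_dstdomain(SAMPLE)
    for entry, cover in dropped:
        print(f"drop {entry}: covered by {cover}")
    print("\n".join(kept))
```

Run it over a list before pointing an `acl ... dstdomain "file"` line at it, and write the kept entries back out one per line.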

