[squid-users] make URL bypass squid proxy
robert k Wild
robertkwild at gmail.com
Tue Jun 27 06:36:20 UTC 2023
Hi Eliezer,
this is a snippet of my whitelist and no intercept SSL config
#SSL Interception
acl DiscoverSNIHost at_step SslBump1
acl NoSSLIntercept ssl::server_name_regex
"/usr/local/squid/etc/interceptssl.txt"
ssl_bump peek DiscoverSNIHost
ssl_bump splice NoSSLIntercept
ssl_bump bump all
#
#SSL Bump
http_port 3128 ssl-bump cert=/usr/local/squid/etc/ssl_cert/myCA.pem
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
sslcrtd_program /usr/local/squid/libexec/security_file_certgen -s
/var/lib/ssl_db -M 4MB
#
#deny up MIME types
acl upmime req_mime_type "/usr/local/squid/etc/mimedeny.txt"
#
#deny URL links
acl url_links url_regex "/usr/local/squid/etc/linksurl.txt"
#
#allow special URL paths
acl special_url url_regex "/usr/local/squid/etc/urlspecial.txt"
#
#deny down MIME types
acl downmime rep_mime_type "/usr/local/squid/etc/mimedeny.txt"
#
http_reply_access allow special_url
http_reply_access deny downmime
#http_access deny upmime
#http_access deny url_links
#
#HTTP_HTTPS whitelist websites
acl whitelist ssl::server_name_regex "/usr/local/squid/etc/urlwhite.txt"
#
http_access allow activation whitelist
http_access deny all
so basically no SSL interception
#SSL Interception
acl DiscoverSNIHost at_step SslBump1
acl NoSSLIntercept ssl::server_name_regex
"/usr/local/squid/etc/interceptssl.txt"
ssl_bump peek DiscoverSNIHost
ssl_bump splice NoSSLIntercept
ssl_bump bump all
and whitelisting
#HTTP_HTTPS whitelist websites
acl whitelist ssl::server_name_regex "/usr/local/squid/etc/urlwhite.txt"
in both txt files ie
/usr/local/squid/etc/interceptssl.txt
/usr/local/squid/etc/urlwhite.txt
i have a URL that first i have to whitelist and then if i want squid not to
inspect the url traffic i put it in the SSL interception (i do this as some
websites dont like MITM )
but even putting the URL in question in both files im still having issues
with this website ie its still being detected that its passing through a
proxy
thanks,
rob
On Mon, 26 Jun 2023 at 23:35, <ngtech1ltd at gmail.com> wrote:
> Hey Robert,
>
>
>
> I am not sure what forward proxy setup you have there.
>
> A simple forward proxy?
>
> What tool are you using for whitelisting?
>
> You can use an external acl helper to allow dynamic updates of the
> whitelists or
> to periodic update your lists and reload.
> It will depend on the size of your lists.
> What OS are you using for your squid proxy?
>
>
>
> More details will help us help you.
>
>
>
> Eliezer
>
>
>
> *From:* squid-users <squid-users-bounces at lists.squid-cache.org> *On
> Behalf Of *robert k Wild
> *Sent:* Monday, June 26, 2023 22:25
> *To:* Squid Users <squid-users at lists.squid-cache.org>
> *Subject:* [squid-users] make URL bypass squid proxy
>
>
>
> hi all,
>
>
>
> i have set up squid for url whitelisting and no intercept SSL (see below)
>
>
>
> https://wiki.squid-cache.org/ConfigExamples/Caching/AdobeProducts
>
>
>
> but some websites i want the client to bypass the squid proxy and go
> straight to the website as i think this is why a url isnt working even when
> i add the url to both files ie urlwhite and no intercept SSL
>
>
>
>
>
>
>
> thanks,
>
> rob
>
>
> --
>
> Regards,
>
> Robert K Wild.
>
--
Regards,
Robert K Wild.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20230627/6ba16129/attachment.htm>
More information about the squid-users
mailing list