[squid-users] Allowing URL with url_regex does not work
Francesco Chemolli
gkinkie at gmail.com
Tue Jan 28 21:56:21 UTC 2025
On Tue, Jan 28, 2025 at 9:47 PM Ervin Hegedüs <airween at gmail.com> wrote:
> Hi there,
>
> I would like to allow a specific URL for a specific client. This is how I
> try to do that:
>
> acl wordpressgravity url_regex -i
> ^https?://s3\.amazonaws\.com\/gravityforms\/releases\/.*
> acl vmapache1 src 172.30.40.5/32
> http_access allow vmapache1 wordpressgravity
>
Unless you are using SSL man-in-the-middle, Squid never sees the request
URL for https.
What it sees is a CONNECT request to the domain s3.amazonaws.com; it never
sees the full path.
This is intentional, by design of https.
> The URL is something like this:
>
>
> https://s3.amazonaws.com/gravityforms/releases/gravityforms_2.9.2.zip?AWSAccessKeyId=AKblahblah4F&Expires=1712345678&Signature=0cblahblah%3D
>
> but it does not work - I always get 403.
>
> What do I do wrong?
>
You can filter to the domain, using a combination of 3 acls:
- a CONNECT acl
- the vmapache1 acl
- a dstdomain acl for s3.amazonaws.com
It's not possible to filter the path
--
Francesco
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20250128/5c6189ff/attachment.htm>
More information about the squid-users
mailing list