[squid-users] Allowing URL with url_regex does not work
Ervin Hegedüs
airween at gmail.com
Wed Jan 29 10:34:35 UTC 2025
Hi,
On Tue, Jan 28, 2025 at 09:56:21PM +0000, Francesco Chemolli wrote:
> On Tue, Jan 28, 2025 at 9:47 PM Ervin Hegedüs <airween at gmail.com> wrote:
> >
> > acl wordpressgravity url_regex -i
> > ^https?://s3\.amazonaws\.com\/gravityforms\/releases\/.*
> > acl vmapache1 src 172.30.40.5/32
> > http_access allow vmapache1 wordpressgravity
> >
>
> Unless you are using SSL man-in-the-middle, Squid never sees the request
> URL for https.
> What it sees is a CONNECT request to the domain s3.amazonaws.com; it never
> sees the full path.
> This is intentional, by design of https.
ah, thanks - I thought that's not possible, but I saw there are
many post/comments in forums where other admins used this form,
and mentioned that worked... But now it's clear.
> You can filter to the domain, using a combination of 3 acls:
> - a CONNECT acl
> - the vmapache1 acl
> - a dstdomain acl for s3.amazonaws.com
>
> It's not possible to filter the path
yeah, that works for me.
Thanks again.
a.
More information about the squid-users
mailing list