Hi there,

I'm a squid noob. I have been trying to configure squid for the past 3 days, looking high and low on the interwebs, and have not found exactly what I'm looking for.

Here's the context:
- the squid server is running in a server environment. It will not serve end-users, but servers.
- privacy in regards to ssl interception is not a concern in this environment.
- running squid: 3.5.23 on Ubuntu 16.04

Here are my goals:
- whitelist approach for domains, i.e. I only want a handful of domains to be accessible.
- I want to allow certain UAs to bypass the whitelist rules. I know that user agents are easy to spoof, but in this context and environment, it doesn't matter.

I've pieced together the following configuration and have not been able to figure this out. Any help is greatly appreciated!

---------------------------------------------squid.conf-------------------------------------------------
visible_hostname squid
acl CONNECT method CONNECT
access_log daemon:/var/log/squid/access.log combined

#Handling HTTP requests
http_port 3129 intercept
acl allowed_http_sites dstdomain "/etc/squid/http_allow_domains.txt"
http_access allow allowed_http_sites

#Handling HTTPS requests
https_port 3130 ssl-bump intercept cert=/etc/squid/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
acl SSL_port port 443
http_access allow SSL_port

## This route does not work with UA processing below, but properly terminates non-whitelisted sites
# The ssl::server_name ACL will not work outside of the ssl_bump directive.
acl allowed_https_sites ssl::server_name "/etc/squid/http_allow_domains.txt"
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_step SslBump3
ssl_bump peek step1 all
ssl_bump peek step2 allowed_https_sites
ssl_bump splice step3 allowed_https_sites
ssl_bump terminate step2 all
##

## This route does not work at all at preventing non-whitelisted sites
#acl allowed_https_sites ssl::server_name "/etc/squid/http_allow_domains.txt"
#acl step1 at_step SslBump1
#acl step2 at_step SslBump2
#acl step3 at_step SslBump3
#ssl_bump peek step1 all
#ssl_bump peek step2 allowed_https_sites
#ssl_bump splice step3 allowed_https_sites
#ssl_bump bump all
##

## Bypass the proxy by UA
acl proxy_bypass_ua browser ^python-requests.*$
http_access allow proxy_bypass_ua

# And finally deny all other access to this proxy
http_access deny all