On 12/28/2017 03:59 PM, squidnoob wrote:
> Here are my goals:
> - i only want a handful of domains to be accessible.
> - i want to allow certain UA's to bypass the whitelist rules.

Since you appear to have full control over the environment, have you tried bumping everything and applying your access rules to bumped (or plain) traffic?

  # bump everything
  ssl_bump stare all
  ssl_bump bump all

  # delay filtering decisions until we get to bumped requests
  http_access allow CONNECT toSafePorts
  http_access deny CONNECT

  # filter plain and bumped requests
  http_access allow certainUserAgents
  http_access allow handfulOfDomains
  http_access deny all

The above allows all (safe) CONNECTs in case some CONNECT requests do not have User-Agent headers or lack other details important for your certainUserAgents and handfulOfDomains ACLs. Since you are bumping all those allowed CONNECTs and validating all "real" requests inside bumped tunnels, allowing all (safe) CONNECTs does not contradict your goals AFAICT.

HTH,

Alex.
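
Added example, not part of the reply above and not Squid's own code: a simplified Python model of first-match http_access evaluation over the five rules in the reply, showing that a CONNECT allowed in the first pass is still filtered once the bumped request is seen. The ACL contents (port 443, the InternalUpdater User-Agent, the example.com and example.org domains) and the helper names are constructed assumptions, since the post leaves those ACLs undefined.

```python
import re

# Constructed sample values; the post does not define these ACLs.
SAFE_PORTS = {443}
ALLOWED_UA = re.compile(r"^InternalUpdater/")
ALLOWED_DOMAINS = (".example.com", ".example.org")

def dst_match(host):
    # dstdomain-style match: ".example.com" covers the domain and its subdomains
    return any(host == d[1:] or host.endswith(d) for d in ALLOWED_DOMAINS)

ACLS = {
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "toSafePorts": lambda r: r["port"] in SAFE_PORTS,
    "certainUserAgents": lambda r: bool(ALLOWED_UA.search(r.get("ua") or "")),
    "handfulOfDomains": lambda r: dst_match(r["host"]),
    "all": lambda r: True,
}

# The http_access lines from the reply, in order: (action, ACLs ANDed together)
RULES = [
    ("allow", ["CONNECT", "toSafePorts"]),
    ("deny", ["CONNECT"]),
    ("allow", ["certainUserAgents"]),
    ("allow", ["handfulOfDomains"]),
    ("deny", ["all"]),
]

def http_access(req):
    """Return (action, rule index) of the first rule whose ACLs all match."""
    for i, (action, names) in enumerate(RULES):
        if all(ACLS[n](req) for n in names):
            return action, i
    raise AssertionError("unreachable: the last rule is 'deny all'")

def verdict(connect, inner=None):
    """Check the CONNECT first, then the request seen inside the bumped tunnel."""
    action, _ = http_access(connect)
    if action == "deny" or inner is None:
        return action
    return http_access(inner)[0]

def req(method, host, port=443, ua=None):
    # Build a constructed request record for the model
    return {"method": method, "host": host, "port": port, "ua": ua}
```
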