Hi, I have a use case that I want to access a certain URL path of a domain but not other. i.e. I want client to be able to access example.com/abc/login, but not other paths. Hence, I created ACL rule to achieve that, see below: ``` acl to_domain_whitelist url_regex "/squid-config/whitelist/allow.acl" acl http port 80 acl https port 443 acl connect method CONNECT http_access allow all to_domain_whitelist http_access deny all http_reply_access allow all acl step1 at_step SslBump1 acl step2 at_step SslBump2 acl step3 at_step SslBump3 ssl_bump peek step3 ssl_bump bump all ``` However the above code does not work properly, the URL regex matching happens before Squid performs decryption so that it can only match against the host name instead of full URL path. I wonder if there's a way to perform the URL regex only after Squid knows the full url with SslBump? Below is a briefing of the log. Thank you so much!!!! ``` --------- CONNECT example.com:443 HTTP/1.1 Host: example.com:443 User-Agent: curl/7.54.0 Proxy-Connection: Keep-Alive X-Forwarded-For: xx.xxx.xx.xx ---------- ... 2020/03/20 14:51:43.067| 28,3| Acl.cc(158) matches: checked: to_domain_whitelist = 0 2020/03/20 14:51:43.071| 85,2| client_side_request.cc(745) clientAccessCheckDone: The request CONNECT example.com:443 is DENIED; last ACL checked: all ... --------- GET /abc/login HTTP/1.1 Host: example.com User-Agent: curl/7.54.0 Accept: */* ---------- .... ``` -- Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
