Search squid archive

Squid ACL for bypassing ssl-bump

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi all,

I have thus far used dstdomain acl for bypassing ssl bump on sites that we don't want to decrypt, like banking sites. It seems to work for some sites, but not for others.

I see the following post on this from some years back:
http://www.squid-cache.org/mail-archive/squid-users/201303/0046.html

It seems like people there are recommending use of an IP based approach to doing this. In this case you would need a static list of IP addresses to the sites in question.

I was thinking about this, and it seems to me that if we are using the squid proxy with a dns server, we should be able to check the dns cache for that IP, and find the associated hostname, and then match against that.

Does squid support this kind of a thing? If not, I was going to write an external acl helper that does a query on a DNS cache to see if it matches a particular domain. However, I don't want to reinvent the wheel.

Thanks,
-Justin
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux