Re: make URL bypass squid proxy

robert k Wild <robertkwild@xxxxxxxxx> · Tue, 27 Jun 2023 07:36:20 +0100

Hi 
Eliezer,

this is a snippet of my whitelist and no intercept SSL config

#SSL Interception
acl DiscoverSNIHost at_step SslBump1
acl NoSSLIntercept ssl::server_name_regex "/usr/local/squid/etc/interceptssl.txt"
ssl_bump peek DiscoverSNIHost
ssl_bump splice NoSSLIntercept
ssl_bump bump all
#
#SSL Bump
http_port 3128 ssl-bump cert=/usr/local/squid/etc/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
sslcrtd_program /usr/local/squid/libexec/security_file_certgen -s /var/lib/ssl_db -M 4MB
#
#deny up MIME types
acl upmime req_mime_type "/usr/local/squid/etc/mimedeny.txt"
#
#deny URL links
acl url_links url_regex "/usr/local/squid/etc/linksurl.txt"
#
#allow special URL paths
acl special_url url_regex "/usr/local/squid/etc/urlspecial.txt"
#
#deny down MIME types
acl downmime rep_mime_type "/usr/local/squid/etc/mimedeny.txt"
#
http_reply_access allow special_url
http_reply_access deny downmime
#http_access deny upmime
#http_access deny url_links
#
#HTTP_HTTPS whitelist websites
acl whitelist ssl::server_name_regex "/usr/local/squid/etc/urlwhite.txt"
#
http_access allow activation whitelist
http_access deny all

so basically no SSL interception

#SSL Interception
acl DiscoverSNIHost at_step SslBump1
acl NoSSLIntercept ssl::server_name_regex "/usr/local/squid/etc/interceptssl.txt"
ssl_bump peek DiscoverSNIHost
ssl_bump splice NoSSLIntercept
ssl_bump bump all 

and whitelisting

#HTTP_HTTPS whitelist websites
acl whitelist ssl::server_name_regex "/usr/local/squid/etc/urlwhite.txt" 

in both txt files ie

/usr/local/squid/etc/interceptssl.txt 

/usr/local/squid/etc/urlwhite.txt 

i have a URL that first i have to whitelist and then if i want squid not to inspect the url traffic i put it in the SSL interception (i do this as some websites dont like MITM )

but even putting the URL in question in both files im still having issues with this website ie its still being detected that its passing through a proxy

thanks,
rob

On Mon, 26 Jun 2023 at 23:35, <ngtech1ltd@xxxxxxxxx> wrote:
Hey Robert,

I am not sure what forward proxy setup you have there.
A simple forward proxy?
What tool are you using for whitelisting?
You can use an external acl helper to allow dynamic updates of the whitelists or
to periodic update your lists and reload.
It will depend on the size of your lists.
What OS are you using for your squid proxy?

More details will help us help you.

Eliezer

From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of robert k Wild
Sent: Monday, June 26, 2023 22:25
To: Squid Users <squid-users@xxxxxxxxxxxxxxxxxxxxx>
Subject:  make URL bypass squid proxy

hi all,

i have set up squid for url whitelisting and no intercept SSL (see below)

https://wiki.squid-cache.org/ConfigExamples/Caching/AdobeProducts

but some websites i want the client to bypass the squid proxy and go straight to the website as i think this is why a url isnt working even when i add the url to both files ie urlwhite and no intercept SSL

thanks,
rob

-- 
Regards, 

Robert K Wild.

-- 
Regards, 

Robert K Wild.

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users