|
You can use the following
acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/reg.url.nobump"
acl NoBumpDNS dstdomain "/usr/local/pkg/dns.nobump"
I created a regex based no bump file and or use a dns based no bump file to mark splice only sites.
Example of what is in reg.url.nobump file
^((alt[0-9]-mtalk\.)|(mtalk\.)|(mtalk-(staging|dev)\.))google\.com
^((gvt)([0-9]))\.com
^(((clients)[0-9])|accounts)\.google\.(com|us)
^(pki|(crl|ocsp)\.pki)\.google\.com
(outlook\.)(office365|office)\.com
infinity-c[0-9][0-9]\.youboranqs[0-9][0-9]\.com
hulu\.com
nflxvideo\.net
Or example of what could be in dns.nobump
.play.google.com
.android.com
.google-analytics.com
.googleusercontent.com
.ggpht.com
.dl.google.com
.dl-ssl.google.com
.android.clients.google.com
.omahaproxy.appspot.com
.payments.google.com
.googleapis.com
.notifications.google.com
.ogs.google.com
.googleapis.com
Make sure you follow the enterprise policy for Google Android based products.
Some sites simply can not and or should not be bumped and you only should look at the get header.
From: A. Pechenin <alexmrrc@xxxxxxxxx>
Sent: Saturday, December 21, 2024 11:46 To: Jonathan Lee <jonathanlee571@xxxxxxxxx> Cc: squid-users@xxxxxxxxxxxxxxxxxxxxx <squid-users@xxxxxxxxxxxxxxxxxxxxx> Subject: Re: [squid-users] SQUID problem with unavailability of Google services I apologize for the formatting of the text of the letter?
I will be incorrect if I do not say that there are entries in the cache.log, although the IP does not resolve directly to google subdomains, but according to whois, this is the Google LLC farm.
сб, 21 дек. 2024 г. в 20:43, Jonathan Lee <jonathanlee571@xxxxxxxxx>:
Have you created a splice only file with lists of items that must be spliced at all times, Google mail ethically should be spliced just as an example. Some know sites must be spliced. |
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx https://lists.squid-cache.org/listinfo/squid-users
