Hello fellow Squid users,
Has anyone attempted to block DoH with MIME?
If not, this is how I have done this.
The only issue is that MS Teams requires DoH, so I am confused as to how to add an override for specific sites by need.
Here is how I did this.
Please, if anyone knows how to add a bypass for this, let me know.
# Reply-side block: DoH answers carry one of these MIME types. rep_mime_type
# is only evaluated against a reply, so it belongs in http_reply_access.
acl deny_rep_mime_doh rep_mime_type application/dns-message
acl deny_rep_mime_doh rep_mime_type text/dns
acl deny_rep_mime_doh rep_mime_type application/dns+json
http_reply_access deny deny_rep_mime_doh

# Request-side block: RFC 8484 paths plus the JSON-style /resolve and dns= forms.
# urlpath_regex also sees the query string, so dns= catches GET-form queries.
acl doh_rfc8484 urlpath_regex -i ^/dns-query
acl doh_rfc8484 urlpath_regex -i dns=
acl doh_rfc8484 urlpath_regex -i ^/resolve
# deny_rep_mime_doh cannot match in http_access (there is no reply yet);
# doh_rfc8484 is the member that actually does the work here.
acl doh_group any-of deny_rep_mime_doh doh_rfc8484
http_access deny doh_group

# SSL-Bump side. Neither a URL path nor a reply MIME type is known while
# ssl_bump rules run, so terminate_group cannot match at this stage; the DoH
# denial takes effect in http_access / http_reply_access once the connection is bumped.
acl terminate_group any-of deny_rep_mime_doh doh_rfc8484
acl active_use annotate_client active=true
# Assumed: the usual step1 definition, which the post as sent does not include.
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump terminate terminate_group
# no_miss, splice_main and bump_main are referenced below but not defined in the post.
miss_access deny no_miss active_use
ssl_bump splice splice_main active_use
ssl_bump bump bump_main active_use
# annotate_client above creates an annotation named "active"; the note ACL has to
# look up that key (the post had "active_use", which is the ACL name, not the key).
acl activated note active true
ssl_bump terminate !activated
Ref:
https://www.iana.org/assignments/media-types/application/dns-message
https://www.iana.org/assignments/media-types/application/dns+json
https://wiki.squid-cache.org/ConfigExamples/BlockingMimeTypes

squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
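As an added example (not code from the post or from the Squid project), the script below applies the same criteria as the posted ACLs, the three reply MIME types and the three urlpath_regex patterns, to Squid native-format access.log lines, with a placeholder dstdomain-style exception list standing in for the by-need sites the poster asks about. The log lines and the `.teams.example` domain are constructed assumptions; running it shows which requests the rules would deny, which an exception placed before the deny would bypass, and which unbumped CONNECT tunnels the rules can never inspect.

```python
import re
from urllib.parse import urlsplit

# Same criteria as the posted ACLs: reply MIME types and RFC 8484 URL-path patterns.
DOH_MIME_TYPES = {"application/dns-message", "text/dns", "application/dns+json"}
DOH_PATH_PATTERNS = [re.compile(p, re.I) for p in (r"^/dns-query", r"dns=", r"^/resolve")]
# Hypothetical exception list in dstdomain style (placeholder; the post names no hosts).
ALLOWED_DOH_DOMAINS = (".teams.example",)
# Squid native access.log: time elapsed client code/status bytes method URL user hier/peer mime
LOG_RE = re.compile(r"^(\S+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

# Constructed sample lines, not real traffic.
SAMPLE_LOG = """\
1700000000.001 45 192.0.2.10 TCP_MISS/200 512 POST https://dns.example.net/dns-query - HIER_DIRECT/203.0.113.5 application/dns-message
1700000000.002 30 192.0.2.11 TCP_MISS/200 300 GET https://doh.example.org/resolve?name=example.com - HIER_DIRECT/203.0.113.6 application/json
1700000000.003 20 192.0.2.12 TCP_MISS/200 800 GET https://www.example.com/index.html - HIER_DIRECT/203.0.113.7 text/html
1700000000.004 25 192.0.2.13 TCP_MISS/200 400 POST https://resolver.teams.example/dns-query - HIER_DIRECT/203.0.113.8 application/dns-message
1700000000.005 100 192.0.2.14 TCP_TUNNEL/200 9000 CONNECT dns.example.net:443 - HIER_DIRECT/203.0.113.5 -
"""

def domain_allowed(host):
    """dstdomain-style match: a leading dot covers the domain itself and all subdomains."""
    host = host.lower()
    return any(host == d.lstrip(".") or (d.startswith(".") and host.endswith(d))
               for d in ALLOWED_DOH_DOMAINS)

def classify(method, url, mime):
    """Mirror the posted rules: 'tunnel', 'bypass', 'deny-mime', 'deny-path' or 'ok'."""
    if method == "CONNECT":
        return "tunnel"  # spliced/unbumped TLS: Squid never sees the path or the reply MIME
    parts = urlsplit(url)
    urlpath = parts.path + ("?" + parts.query if parts.query else "")  # urlpath_regex sees the query
    is_doh_mime = mime.lower() in DOH_MIME_TYPES
    is_doh_path = any(p.search(urlpath) for p in DOH_PATH_PATTERNS)
    if not (is_doh_mime or is_doh_path):
        return "ok"
    if domain_allowed(parts.hostname or ""):
        return "bypass"  # an allow rule for the exception list placed before the deny would fire here
    return "deny-mime" if is_doh_mime else "deny-path"

def audit(log_text):
    """Return (client, url, verdict) for every parsable access.log line."""
    results = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            _, _, client, _, _, method, url, _, _, mime = m.groups()
            results.append((client, url, classify(method, url, mime)))
    return results
```

The "tunnel" verdict is the practical caveat: a DoH resolver reached over a spliced connection is never subject to either the MIME or the path ACLs, so the exception list only matters for destinations that are actually bumped.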