Hi Eliezer, this is a snippet of my whitelist and no intercept SSL config
#SSL Interception acl DiscoverSNIHost at_step SslBump1 acl NoSSLIntercept ssl::server_name_regex "/usr/local/squid/etc/interceptssl.txt" ssl_bump peek DiscoverSNIHost ssl_bump splice NoSSLIntercept ssl_bump bump all # #SSL Bump http_port 3128 ssl-bump cert=/usr/local/squid/etc/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB sslcrtd_program /usr/local/squid/libexec/security_file_certgen -s /var/lib/ssl_db -M 4MB # #deny up MIME types acl upmime req_mime_type "/usr/local/squid/etc/mimedeny.txt" # #deny URL links acl url_links url_regex "/usr/local/squid/etc/linksurl.txt" # #allow special URL paths acl special_url url_regex "/usr/local/squid/etc/urlspecial.txt" # #deny down MIME types acl downmime rep_mime_type "/usr/local/squid/etc/mimedeny.txt" # http_reply_access allow special_url http_reply_access deny downmime #http_access deny upmime #http_access deny url_links # #HTTP_HTTPS whitelist websites acl whitelist ssl::server_name_regex "/usr/local/squid/etc/urlwhite.txt" # http_access allow activation whitelist http_access deny all so basically no SSL interception #SSL Interception acl DiscoverSNIHost at_step SslBump1 acl NoSSLIntercept ssl::server_name_regex "/usr/local/squid/etc/interceptssl.txt" ssl_bump peek DiscoverSNIHost ssl_bump splice NoSSLIntercept ssl_bump bump all and whitelisting #HTTP_HTTPS whitelist websites acl whitelist ssl::server_name_regex "/usr/local/squid/etc/urlwhite.txt" in both txt files ie /usr/local/squid/etc/interceptssl.txt /usr/local/squid/etc/urlwhite.txt i have a URL that first i have to whitelist and then if i want squid not to inspect the url traffic i put it in the SSL interception (i do this as some websites dont like MITM ) but even putting the URL in question in both files im still having issues with this website ie its still being detected that its passing through a proxy thanks, rob On Mon, 26 Jun 2023 at 23:35, <ngtech1...@gmail.com> wrote: > Hey Robert, > > > > I am not sure what forward proxy setup you have there. > > A simple forward proxy? > > What tool are you using for whitelisting? > > You can use an external acl helper to allow dynamic updates of the > whitelists or > to periodic update your lists and reload. > It will depend on the size of your lists. > What OS are you using for your squid proxy? > > > > More details will help us help you. > > > > Eliezer > > > > *From:* squid-users <squid-users-boun...@lists.squid-cache.org> *On > Behalf Of *robert k Wild > *Sent:* Monday, June 26, 2023 22:25 > *To:* Squid Users <squid-users@lists.squid-cache.org> > *Subject:* [squid-users] make URL bypass squid proxy > > > > hi all, > > > > i have set up squid for url whitelisting and no intercept SSL (see below) > > > > https://wiki.squid-cache.org/ConfigExamples/Caching/AdobeProducts > > > > but some websites i want the client to bypass the squid proxy and go > straight to the website as i think this is why a url isnt working even when > i add the url to both files ie urlwhite and no intercept SSL > > > > > > > > thanks, > > rob > > > -- > > Regards, > > Robert K Wild. > -- Regards, Robert K Wild.
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
