Re: [squid-users] Only checking URLs via Squid for SSL

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 24 Aug 2014 11:52:40 +1200

On 24/08/2014 1:00 a.m., Nicol�s wrote:
> Hi,
>
> I'm using Squid 3.3.8 as a transparent proxy, it works fine with HTTP,
> but I'd like to avoid cacheing HTTPS sites, and just determine whether
> the requested URL is listed as denied on Squid (via 'acl dstdom_regex'
> for instance), otherwise just make squid act as a proxy to the URL's
> content. Is that even possible without using SSL Bump? Otherwise, could
> you recommend the simplest way of achieving this?
>

No it is only possible with bumping. For transparent interception of
port 443 (HTTPS) use squid-3.4 with server-first bumping at minimum,
preferrably squid-3.5 with peek-n-splice when it comes out.

If you bump and still do not want to cache for some reason the cache
access control can be used like so:

  acl HTTPS proto HTTPS
  cache deny HTTPS

Amos
Received on Sat Aug 23 2014 - 23:52:57 MDT

This archive was generated by hypermail 2.2.0 : Sun Aug 24 2014 - 12:00:06 MDT