@elico
Created June 29, 2023 00:37
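# SSL Interception basic rules
# Step 1: peek at the TLS ClientHello so the SNI is available to the ssl::server_name ACLs below.
acl DiscoverSNIHost at_step SslBump1
# Servers that must NOT be intercepted (their TLS is spliced through untouched).
# The SNI regex is anchored at both ends, so only redshift3d.com and its subdomains match.
acl NoSSLInterceptRegEx ssl::server_name_regex (^|.*\.)redshift3d\.com$
acl NoSSLInterceptRegExFile ssl::server_name_regex "/usr/local/squid/etc/no-intercept-ssl-regex.txt"
acl NoSSLInterceptDstDom ssl::server_name .redshift3d.com
acl NoSSLInterceptDstDomFile ssl::server_name "/usr/local/squid/etc/no-intercept-ssl-dstdom.txt"
## any-of matches as soon as one of the listed ACLs matches, tested in the order given (first match wins)
acl NoSSLInterceptAnyOf any-of NoSSLInterceptDstDom NoSSLInterceptDstDomFile NoSSLInterceptRegEx NoSSLInterceptRegExFile
# Peek at step 1 only (DiscoverSNIHost), then at step 2 splice the exempt servers and bump everything else.
ssl_bump peek DiscoverSNIHost
ssl_bump splice NoSSLInterceptAnyOf
ssl_bump bump all
#SSL Bump port
# Certificates are minted on the fly from myCA.pem; the 4MB cache size here matches the -M value of the helper below.
http_port 3128 ssl-bump cert=/usr/local/squid/etc/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
sslcrtd_program /usr/local/squid/libexec/security_file_certgen -s /var/lib/ssl_db -M 4MB
## http_access acls apply to incoming requests, not to responses
# The URL regex is anchored at the start of the URL and the host part may not contain "/".
# Without the anchor, any URL that merely contained "https://x.redshift3d.com/" somewhere
# in its path or query would have matched and been allowed. The optional "([^/]*\.)?" group
# also matches the bare redshift3d.com host, which the previous mid-pattern "(^|.*\.)" could not.
# CONNECT requests carry only host:port as their URL, so they are covered by the dstdomain ACLs, not this one.
acl special_url_regex url_regex ^https?://([^/]*\.)?redshift3d\.com/
acl special_url_regex_file url_regex "/usr/local/squid/etc/special_url_regex.txt"
acl special_url_dst_dom dstdomain .redshift3d.com
acl special_url_dst_dom_file dstdomain "/usr/local/squid/etc/special_url_dstdom.txt"
acl special_url_any_of any-of special_url_dst_dom special_url_dst_dom_file special_url_regex special_url_regex_file
# Clients allowed to use the proxy (RFC 1918 ranges).
acl localnet src 192.168.0.0/16
acl localnet src 10.0.0.0/8
# Only local clients may reach the special destinations; everything else is denied.
http_access allow localnet special_url_any_of
http_access deny all
# Once the above works, try adding other http_access rules, such as reply access rules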