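# Squid egress allow-list for an intercepting (transparent) proxy: plain HTTP on
# port 3129 and TLS on port 3130 may only reach the destinations listed below;
# HTTP to anything else is denied and TLS to anything else is terminated during
# the handshake. Squid does not decrypt the TLS traffic it lets through.
visible_hostname squid

# Handling HTTP requests
http_port 3129 intercept

# List of sites (plain HTTP). A leading dot matches the domain and all of its
# subdomains; a bare name such as api.geonames.org is matched exactly.
acl allowed_http_sites dstdomain api.geonames.org
acl allowed_http_sites dstdomain .ubuntu.com
acl allowed_http_sites dstdomain .download.newrelic.com
# NOTE(review): in intercept mode dstdomain is derived from the client-supplied
# Host header; how a Host/destination-IP mismatch is treated is governed by
# Squid's host verification setting (host_verify_strict), which is not set in
# this file — confirm the intended value on the host.
access_log syslog:local4.info

# Allow HTTP sites we specified above
http_access allow allowed_http_sites

# Handling HTTPS requests: intercepted TLS is handled with peek-and-splice, so
# only the handshake is inspected to decide between splice and terminate.
https_port 3130 cert=/etc/squid/ca/squid.pem ssl-bump intercept
acl SSL_port port 443
# Port 443 is admitted at the http_access layer for every destination; the
# per-site decision for TLS is made by the ssl_bump rules below, not here.
http_access allow SSL_port

# List of sites (TLS), matched on the TLS server name
acl allowed_https_sites ssl::server_name .newrelic.com
acl allowed_https_sites ssl::server_name api.pusherapp.com
acl allowed_https_sites ssl::server_name .ubuntu.com
acl allowed_https_sites ssl::server_name .elasticloadbalancing.us-east-1.amazonaws.com
acl allowed_https_sites ssl::server_name .elasticloadbalancing.us-west-2.amazonaws.com
acl allowed_https_sites ssl::server_name .autoscaling.us-east-1.amazonaws.com
acl allowed_https_sites ssl::server_name .autoscaling.us-west-2.amazonaws.com
acl allowed_https_sites ssl::server_name .ec2.us-east-1.amazonaws.com
acl allowed_https_sites ssl::server_name .ec2.us-west-2.amazonaws.com
acl allowed_https_sites ssl::server_name .codedeploy-commands.us-east-1.amazonaws.com
acl allowed_https_sites ssl::server_name .codedeploy-commands.us-west-2.amazonaws.com
acl allowed_https_sites ssl::server_name .kms.us-east-1.amazonaws.com
acl allowed_https_sites ssl::server_name .kms.us-west-2.amazonaws.com
acl allowed_https_sites ssl::server_name .api.postmarkapp.com
acl allowed_https_sites ssl::server_name .execute-api.us-west-2.amazonaws.com
acl allowed_https_sites ssl::server_name .honeybadger.io
acl allowed_https_sites ssl::server_name .maps.googleapis.com
acl allowed_https_sites ssl::server_name .foundcluster.com
acl allowed_https_sites ssl::server_name .us-east-1.aws.found.io
acl allowed_https_sites ssl::server_name .twilio.com

# Allow HTTPS sites we specified above, terminate the ones that don't match.
# ssl_bump rules are evaluated in order; the first rule whose ACLs all match
# decides the action for the current step.
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_step SslBump3
# Step 1: look at the ClientHello to learn the requested server name.
ssl_bump peek step1 all
# Step 2: the name seen so far comes from the client, so for listed names keep
# peeking in order to also see the server's certificate before deciding.
ssl_bump peek step2 allowed_https_sites
# Step 3: tunnel the connection only if the name still matches the list once
# the server side of the handshake has been observed.
ssl_bump splice step3 allowed_https_sites
# Names not on the list are terminated as soon as they are known (step 2).
ssl_bump terminate step2 all
# Explicit fallback for step 3: a connection that matched at step 2 but no
# longer matches the list at step 3 had no rule covering it and was left to
# Squid's default ssl_bump action; terminate it instead of relying on that
# default, so the policy is the same at every step.
ssl_bump terminate step3 all

# Block everything else
http_access deny all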