Hello fellow Squid users,

Has anyone attempted to block DoH with MIME? If not, this is how I have done this. The only issue is that MS Teams requires DoH, so I am confused as to how to add an override for specific sites as needed. Here is how I did this. Please, if anyone knows how to add a bypass for this, let me know.

acl deny_rep_mime_doh rep_mime_type application/dns-message
acl deny_rep_mime_doh rep_mime_type text/dns
acl deny_rep_mime_doh rep_mime_type application/dns+json
http_reply_access deny deny_rep_mime_doh

acl doh_rfc8484 urlpath_regex -i ^/dns-query
acl doh_rfc8484 urlpath_regex -i dns=
acl doh_rfc8484 urlpath_regex -i ^/resolve
acl doh_group any-of deny_rep_mime_doh doh_rfc8484
http_access deny doh_group

acl terminate_group any-of deny_rep_mime_doh doh_rfc8484
acl active_use annotate_client active=true
ssl_bump peek step1
ssl_bump terminate terminate_group
miss_access deny no_miss active_use
ssl_bump splice splice_main active_use
ssl_bump bump bump_main active_use
acl activated note active_use true
ssl_bump terminate !activated

Ref:
https://www.iana.org/assignments/media-types/application/dns-message
https://www.iana.org/assignments/media-types/application/dns+json
https://wiki.squid-cache.org/ConfigExamples/BlockingMimeTypes
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
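An added example, not part of the original post and not Squid code: an offline check that applies the post's MIME types and URL-path patterns to access.log lines, showing which destinations the deny rules would hit and which fall under an exemption list. The log lines and the exemption suffix are constructed placeholders, and it assumes the log comes from bumped traffic so that full URLs are recorded.

```python
import re
from urllib.parse import urlsplit

# MIME types and URL-path patterns copied from the ACLs in the post.
DOH_MIME = {"application/dns-message", "text/dns", "application/dns+json"}
DOH_PATH = [re.compile(p, re.I) for p in (r"^/dns-query", r"dns=", r"^/resolve")]

# Hypothetical exemption list; the post does not name the hosts Teams uses.
EXEMPT_SUFFIXES = (".doh-exempt.example",)

# Constructed sample lines in Squid's native access.log layout.
SAMPLE_LOG = """\
1700000000.101 45 10.0.0.5 TCP_MISS/200 512 POST https://resolver.example.net/dns-query - HIER_DIRECT/203.0.113.10 application/dns-message
1700000001.202 30 10.0.0.6 TCP_MISS/200 640 GET https://api.example.org/v1/lookup?dns=AAABAAAB - HIER_DIRECT/203.0.113.11 application/json
1700000002.303 25 10.0.0.7 TCP_MISS/200 900 GET https://www.example.com/index.html - HIER_DIRECT/203.0.113.12 text/html
1700000003.404 41 10.0.0.8 TCP_MISS/200 480 GET https://app.doh-exempt.example/resolve?name=a.example - HIER_DIRECT/203.0.113.13 application/dns+json
"""

def classify(line):
    """Return (host, reasons, exempt) for one access.log line."""
    fields = line.split()
    url, mime = fields[6], fields[9].split(";")[0].lower()
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Assumption: path and query are matched together, as the post's dns= rule implies.
    urlpath = parts.path + ("?" + parts.query if parts.query else "")
    reasons = []
    if any(rx.search(urlpath) for rx in DOH_PATH):
        reasons.append("urlpath")
    if mime in DOH_MIME:
        reasons.append("mime")
    exempt = any(host == s.lstrip(".") or host.endswith(s) for s in EXEMPT_SUFFIXES)
    return host, reasons, exempt

def report(log_text):
    """Map host -> (verdict, reasons) for every line that matches a DoH rule."""
    out = {}
    for line in log_text.splitlines():
        if len(line.split()) < 10:
            continue  # skip short or malformed lines
        host, reasons, exempt = classify(line)
        if reasons:
            out[host] = ("exempt" if exempt else "deny", reasons)
    return out

if __name__ == "__main__":
    for host, (verdict, reasons) in report(SAMPLE_LOG).items():
        print(f"{verdict:7} {host:28} matched: {','.join(reasons)}")
```

The second sample line matches only on the unanchored `dns=` pattern, which is the kind of non-DoH request worth reviewing before the deny rules go live.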