Squid Web Cache wiki

Squid Web Cache documentation

🔗 Snowflake

by Yuri Voinov

🔗 How to pass Snowflake

Snowflake (including plugin) uses connect to domain


to bootstrap.

Transparent proxy without special rule to prevent bump (splice) to this domain will prevent connecting.

So SSL-Bump proxy must be configured to splice initial connection from Snowflake to bridges:

# SSL-bump rules
acl DiscoverSNIHost at_step SslBump1
# Splice specified servers
acl NoSSLIntercept ssl::server_name_regex "/usr/local/squid/etc/acl.url.nobump"
ssl_bump peek DiscoverSNIHost
ssl_bump splice NoSSLIntercept
ssl_bump bump all

Add this to acl.url.nobump:

# Snowflake

This is minimal access requires Snowflake to connect.

🔗 How to block Snowflake

To block Snowflake by any reason it is enough to do not do actions described above.

⚠️ Disclaimer: Any example presented here is provided "as-is" with no support
or guarantee of suitability. If you have any further questions about
these examples please email the squid-users mailing list.

Categories: ConfigExample

Navigation: Site Search, Site Pages, Categories, 🔼 go up