🔗 Snowflake
by Yuri Voinov
🔗 How to pass Snowflake
Snowflake (including plugin) uses connect to domain
snowflake.freehaven.net
to bootstrap.
Transparent proxy without special rule to prevent bump (splice) to this domain will prevent connecting.
So SSL-Bump proxy must be configured to splice initial connection from Snowflake to bridges:
# SSL-bump rules
acl DiscoverSNIHost at_step SslBump1
# Splice specified servers
acl NoSSLIntercept ssl::server_name_regex "/usr/local/squid/etc/acl.url.nobump"
ssl_bump peek DiscoverSNIHost
ssl_bump splice NoSSLIntercept
ssl_bump bump all
Add this to acl.url.nobump:
# Snowflake
snowflake\.freehaven\.net
This is minimal access requires Snowflake to connect.
🔗 How to block Snowflake
To block Snowflake by any reason it is enough to do not do actions described above.
⚠️ Disclaimer: Any example presented here is provided "as-is" with no support
or guarantee of suitability. If you have any further questions about
these examples please email the squid-users mailing list.
Categories: ConfigExample
Navigation: Site Search, Site Pages, Categories, 🔼 go up