On Tue, 04 Feb 2014 19:17:51 +0600, Amos Jeffries <squid3@xxxxxxxxxxxxx>
wrote:
On 4/02/2014 11:34 p.m., Yury Paykov wrote:
Hello, squid users, I'm currently having an issue trying to configure
That would be because the IP address is all Squid has to work with from
the TCP packet and the best domain that can be known is the PTR record.
Or CN form the server certificate, which lead me to my following thread...
FYI: 1e100.net is a google domain just as much as "google.com" etc.
Add " .1e100.net " to your dstdomain ACL and it will work better.
It may as well be, but the information as to which domains to bump
comes from user, who is unlikely to guess that for search requests to
google.com not to be bumped he/she also need to mention .1e100.net...
MY QUESTION IS - Is there a way to use CN information from server
certificate which is retrieved with /server-first/ method? Can I
construct
an ACL rule based on it?
Not until after the bumping happens.
Sad :(
Amos
Anyway, I'm grateful for your attention !
--
Sincerely Yours,
====Yury Paykov, aka Crystal