Search squid archive

Re: transparent proxy splice using dstdomain issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Amos Jeffries wrote
> On 7/07/2015 11:45 p.m., S.Kirschner wrote:
>> I think the issues exist because the reverse lookup dont got the anwser
>> "sparkasse.de", but why it does not use the hostname from the dns request
>> to
>> the dns-server ?
> 
> Because Squid is not a DNS server.
> 
> The HTTP message details including URL where dstdomain comes from are
> encrypted at the time you are trying to use the dstdomain ACL.

Yes but, in pfsense a dns server is installed, so on these host a dns server
is running. Also i tried to use the google DNS 

Here now the entries from the cache.log

With sparkasse.de in /etc/hosts
#2015/06/19 14:03:03.907 kid1| DomainData.cc(108) match: aclMatchDomainList:
checking '212.34.69.3'
#2015/06/19 14:03:03.907 kid1| DomainData.cc(113) match: aclMatchDomainList:
'212.34.69.3' NOT found
#2015/06/19 14:03:03.908 kid1| DomainData.cc(108) match: aclMatchDomainList:
checking 'sparkasse.de'
#2015/06/19 14:03:03.908 kid1| DomainData.cc(113) match: aclMatchDomainList:
'sparkasse.de' found
#2015/06/19 14:03:03.908 kid1| Acl.cc(158) matches: checked: bypass = 1
#2015/06/19 14:03:03.908 kid1| Acl.cc(158) matches: checked: (ssl_bump rule)
= 1
#2015/06/19 14:03:03.908 kid1| Acl.cc(158) matches: checked: (ssl_bump
rules) = 1

Without sparkasse.de in /etc/hosts
#2015/06/19 14:05:19.842 kid1| DomainData.cc(108) match: aclMatchDomainList:
checking '212.34.69.3'
#2015/06/19 14:05:19.842 kid1| DomainData.cc(113) match: aclMatchDomainList:
'212.34.69.3' NOT found
#2015/06/19 14:05:19.842 kid1| DomainData.cc(108) match: aclMatchDomainList:
checking 'rev-212.34.69.3.rev.izb.net'
#2015/06/19 14:05:19.842 kid1| DomainData.cc(113) match: aclMatchDomainList:
'rev-212.34.69.3.rev.izb.net' NOT found
#2015/06/19 14:05:19.842 kid1| Acl.cc(158) matches: checked: bypass = 0
#2015/06/19 14:05:19.842 kid1| Acl.cc(158) matches: checked: (ssl_bump rule)
= 0

The ssl accept error in cache.log
#2015/06/19 14:05:19.825 kid1| Checklist.cc(61) markFinished: 0x8041b7798
answer ALLOWED for match
#2015/06/19 14:05:19.825 kid1| Checklist.cc(161) checkCallback:
ACLChecklist::checkCallback: 0x8041b7798 answer=ALLOWED
#2015/06/19 14:05:19.825 kid1| client_side_request.cc(1527) sslBumpNeed:
sslBump required: peek
#2015/06/19 14:05:19.825 kid1| client_side_request.cc(115)
~ClientRequestContext: 0x807468098 ClientRequestContext destructed
#2015/06/19 14:05:19.825 kid1| client_side_request.cc(1829) doCallouts:
calling processRequest()
#2015/06/19 14:05:19.825 kid1| store.cc(780) storeCreatePureEntry:
storeCreateEntry: '212.34.69.3:443'
#2015/06/19 14:05:19.825 kid1| MemObject.cc(97) MemObject: new MemObject
0x807567f40
#2015/06/19 14:05:19.825 kid1| store.cc(485) lock: storeCreateEntry locked
key [null_store_key] e:=V/0x80755ada0*1
#2015/06/19 14:05:19.825 kid1| store_key_md5.cc(89) storeKeyPrivate:
storeKeyPrivate: CONNECT 212.34.69.3:443
#2015/06/19 14:05:19.825 kid1| store.cc(449) hashInsert:
StoreEntry::hashInsert: Inserting Entry e:=IV/0x80755ada0*1 key
'04808DEC55BF24579C431922F1A83DE0'
#2015/06/19 14:05:19.840 kid1| client_side.cc(4245) clientPeekAndSpliceSSL:
SSL_accept failed.
#2015/06/19 14:05:19.840 kid1| client_side.cc(4245) clientPeekAndSpliceSSL:
SSL_accept failed.





--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/transparent-proxy-splice-using-dstdomain-issue-tp4672088p4672095.html
Sent from the Squid - Users mailing list archive at Nabble.com.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux