On 5/11/2015 11:55 a.m., Edouard Gaulué wrote: > Hi Marcus, > > Well that just an URL rewriter program. You can just test it from the > command line : > echo "URL" | /usr/bin/squidGuard -c /etc/squidguard/squidGuard.conf > > Before I understood it was possible to precise the redirect code I got > that: > #> echo > "https://ad.doubleclick.net/N4061/adi/com.ythome/_default;sz=970x250;tile=1;ssl=1;dc_yt=1;kbsg=HPFR151103;kga=-1;kgg=-1;klg=fr;kmyd=ad_creative_1;ytexp=9406852,9408210,9408502,9417689,9419444,9419802,9420440,9420473,9421645,9421711,9422141,9422865,9423510,9423563,9423789;ord=968558538238386? > - - GET"|/usr/bin/squidGuard -c /etc/squidguard/squidGuard.conf > #> OK > rewrite-url="https://proxyweb.XXXXX.XXXXX/cgi-bin/squidGuard-simple.cgi?clientaddr=-pipo&clientname=&clientuser=&clientgroup=default&targetgroup=unknown&url=https://ad.doubleclick.net/N4061/adi/com.ythome/_default;sz=970x250;tile=1;ssl=1;dc_yt=1;kbsg=HPFR151103;kga=-1;kgg=-1;klg=fr;kmyd=ad_creative_1;ytexp=9406852,9408210,9408502,9417689,9419444,9419802,9420440,9420473,9421645,9421711,9422141,9422865,9423510,9423563,9423789;ord=968558538238386?"; > > > After a little change in the squidguard.conf, I get: > #> OK status=302 > url="https://proxyweb.echoppe.lan/cgi-bin/squidGuard-simple.cgi?clientaddr=-pipo&clientname=&clientuser=&clientgroup=default&targetgroup=unknown&url=https://ad.doubleclick.net/N4061/adi/com.ythome/_default;sz=970x250;tile=1;ssl=1;dc_yt=1;kbsg=HPFR151103;kga=-1;kgg=-1;klg=fr;kmyd=ad_creative_1;ytexp=9406852,9408210,9408502,9417689,9419444,9419802,9420440,9420473,9421645,9421711,9422141,9422865,9423510,9423563,9423789;ord=968558538238386?"; > > > It's not so better handled by my browser saying "can't connect to > https://ad.doubleclick.net"; message. But, I don't get the squid message > anymore regarding http/https. What Squid version? There was a bug about the wrong SNI being sent to servers on bumped traffic that got re-written. That got fixed in Squid-3.5.7 and re-writers should have been fully working since then. Note that CONNECT requests should not be re-written though. We dont prevent it automatically because it is sometimes actually useful, but SG cannot handle them correctly. > > It may be that rewrite_rule_program come after peek and splice stuff > leading squid to an unpredictable situation. Is there a way to play on > order things happen in squid? debug_options to raise the amount of output each part of Squid produces in cache.log. A lits of the sections can be found at <http://wiki.squid-cache.org/KnowledgeBase/DebugSections> - slightly outdated, but not much changes with these. Or the latest list in doc/debug-sections.txt of the Squid sources. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
