Search squid archive

url_rewrite_program shows IP addresses instead of domain name when rewriting SSL/HTTPS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi all,

I'm trying to create a kind of captive portal when only my domain and google play are whitelisted and other addresses(http/https) are forwarded to my domain. 
All http requests are landing fine in the url_rewrite program, while the https requests appear as only the IP address but not the dns name. I'm aware of http://wiki.squid-cache.org/Features/SslPeekAndSplice and especially the note that during ssl_bump no dns name is available yet and instead one should be using the acl ssl::server_name directive, but for some reason no https address is being sent to my url_rewrite program.

The same SSL certificate used on my domain is also being used with squid at https_port

I'm using squid 3.5.20 compiled manually with the following directives:
./configure \
        --prefix=/usr \
        --exec-prefix=/usr \
        --includedir=/usr/include \
        --datadir=${prefix}/share/squid \
        --libdir=/usr/lib64 \
        --libexecdir=${prefix}/lib/squid \
        --localstatedir=/var \
        --sysconfdir=/etc/squid \
        --sharedstatedir=/var/lib \
        --with-logdir=/var/log/squid \
        --with-pidfile=/var/run/squid.pid \
        --with-default-user=proxy \
        --enable-silent-rules \
        --enable-dependency-tracking \
        --with-openssl \
        --enable-ssl \
        --enable-icmp \
        --enable-delay-pools \
        --enable-useragent-log \
        --enable-esi \
        --enable-ssl-crtd \
        --enable-follow-x-forwarded-for \
        --enable-storeid-rewrite-helpers \
        --enable-external-acl-helpers

Here's my squid.conf

"
pinger_enable off
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network


acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl Safe_ports port 1025-65535 # unregistered ports
acl CONNECT method CONNECT

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost


acl http dstdomain play.google.com mydomain.com 
acl https ssl::server_name play.google.com mydomain.com

http_access allow http
http_access allow https

url_rewrite_program /bin/bash -c -l /etc/squid/redirect.bash

url_rewrite_access allow all !http
url_rewrite_access allow all !https

sslcrtd_program /lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB

http_access allow all

http_port 3127
http_port 3128 intercept
https_port 3129 intercept cert=mycert.cert key=mykey.key ssl-bump intercept generate-host-certificates=on  version=1 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE  cafile=Intermediate.crt

always_direct allow all
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_step SslBump3

ssl_bump splice localhost
ssl_bump splice https

ssl_bump peek step1
ssl_bump peek all

coredump_dir /var/cache/squid
"

So any idea why no https urls are being redirected to the url_rewrite program?
Any alternative solution is also very much welcome

Regards
Moataz

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux