Search squid archive

Re: extract http headers from CONNECT / bumped ssl?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Aug 24, 2017 at 5:16 PM, Alex Rousskov
<rousskov@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
> On 08/24/2017 06:00 PM, Aaron Turner wrote:
>> So I've deployed squid in forward mode, installed the CA in my web
>> clients, etc and have squid working fine for both http and https
>> traffic.
>
> Forgive me for double checking, but is SSL bumping actually working? For
> example, do you see individual decrypted HTTPS requests in access.log?

Actually, looks like I was misunderstanding the access.log, it was working:

1503620688.280      0 10.93.3.85 TAG_NONE/200 0 CONNECT synfin.net:443
- HIER_NONE/- - ip_index=0,client=-
1503620689.241    947 10.93.3.85 TCP_MISS/200 57810 GET
https://synfin.net/sock_stream/ - HIER_DIRECT/45.79.73.39 text/html
ip_index=2,client=foobar1

I didn't initially understand that each CONNECT then generates a
second entry.  As you can see the second line has both the full URI
(indicating the SSL got bumped) and decoded my client id (foobar1).

> What is your Squid version?

3.5.26


>> One thing I need to do is be able to extract a http request header
>> into an external_acl_type:
>>
>> external_acl_type client_ip_map_0 %>{My-Custom-Client-Id}
>> /usr/lib64/squid/user_loadbalance.py 0 4
>
> That is not your actual external_acl_type line, I hope. The %>h part
> looks malformed.

Really?  Works and seems to match the instructions indicating "%>{Header}"

Thanks,
Aaron
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux