On 15.10.18 12:48, RB wrote:
After some more research it looks like squid only has access to the url domain if it's HTTPS and the only way to get the url path and query string is to use ssl_bump to decrypt https so squid can see url path and query arguments.
this is what I wrote before. Looking at it now, I should have explained more deeply....
> are you aware that you can only see CONNECT in https requests, unless > using ssl_bump?
To use ssl_bump, I have to compile the code from source with --enable-ssl, create a certificate, and add it to the chain of certs to every other vm that proxies through squid, then squid can decrypt the https urls to see paths and query args and finally apply the regex to those urls in order to only allow explicit regex urls. Is this correct?
Alex has explained already. I would like to note that the whole purpose of SSL encription in HTTPS is to deny anyone between client and server to see what is the client accessing. That includes your proxy. And we often see complaints about SSL bump not working because different clients expect certificates signed by their certificate autorities, not by yours. -- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Windows 2000: 640 MB ought to be enough for anybody _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
