
Re: How to create a simple whitelist using regexes?


 



On 15.10.18 12:48, RB wrote:
> After some more research it looks like squid only has access to the url
> domain if it's HTTPS and the only way to get the url path and query string
> is to use ssl_bump to decrypt https so squid can see url path and query
> arguments.

This is what I wrote before. Looking at it now, I should have explained more
deeply....

>> are you aware that you can only see CONNECT in https requests, unless
>> using ssl_bump?
>
> To use ssl_bump, I have to compile the code from source with --enable-ssl,
> create a certificate, and add it to the chain of certs to every other vm
> that proxies through squid, then squid can decrypt the https urls to see
> paths and query args and finally apply the regex to those urls in order to
> only allow explicit regex urls.
>
> Is this correct?

Alex has explained already.

I would like to note that the whole purpose of SSL encryption in HTTPS is to
prevent anyone between client and server from seeing what the client is
accessing. That includes your proxy.

And we often see complaints about SSL bump not working because different
clients expect certificates signed by their certificate authorities, not by
yours.

--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
Windows 2000: 640 MB ought to be enough for anybody
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
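
The split discussed in this message, written out as a squid.conf fragment: full-URL regexes for plain HTTP, host-only matching for HTTPS tunnels when ssl_bump is not used. This is an added example, not part of the original thread; the host names, path pattern and ACL names are placeholders.

```conf
# Added example; host names, paths and ACL names are placeholders.

# Plain HTTP: Squid sees the whole URL, so a regex can constrain the
# path and query string as well as the host.
acl allowed_http_urls url_regex -i ^http://downloads\.example\.com/releases/[a-z0-9._-]+\.tar\.gz$

# HTTPS without ssl_bump: the only request Squid sees is
# "CONNECT host:port", so the whitelist can name hosts (here by regex)
# but cannot say anything about paths or query arguments.
acl allowed_https_hosts dstdom_regex -i ^(www|api)\.example\.com$

acl connect_method method CONNECT
acl https_port port 443

# Tunnels only to port 443, and only to whitelisted hosts.
http_access deny connect_method !https_port
http_access allow connect_method allowed_https_hosts

# Every other request must match a full-URL regex.
http_access allow !connect_method allowed_http_urls

# Anything not explicitly allowed is refused.
http_access deny all

# Note: a url_regex such as ^https://www\.example\.com/api/ never matches
# here, because without bumping the CONNECT request carries no scheme or path.
```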



