Search squid archive

HELP! Ssl_bump - acl , dstdomain , denied by fqdn need ip

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Please HELP!
 
Hello dear members of the community
excuse me for disturbing me, but I could not find an answer to the question, so I speak to you, sorry again
 
i have
 
#46-Ubuntu SMP Thu Dec 6 14:45:28 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 18.04.1 LTS
Release:        18.04
Codename:       bionic
 
# squid -v
 
Squid Cache: Version 3.5.27
Service Name: squid
Ubuntu linux
 
This binary uses OpenSSL 1.0.2n  7 Dec 2017. For legal restrictions on distribution see https://www.openssl.org/source/license.html
 
 '--enable-ssl' '--enable-ssl-crtd' '--with-openssl'
 
 

 

in /etc/squid.conf

.......

acl test dstdomain partner.steam-api.com
 
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_step SslBump3
 
ssl_bump peek step1 all
ssl_bump splice test
ssl_bump bump
 
 
http_port 192.168.50.1:3128 intercept
https_port 192.168.50.1:3129 intercept ssl-bump options=ALL:NO_SSLv3:NO_SSLv2 connection-auth=off cert=/etc/squid/ssl_cert/squidCA.pem
 
 
 
when I am trying to access the site from a browser from a local network
partner.steam-api.com
 
access.log
 
[Fri Jan 25 06:50:10 2019].514      0 192.168.50.10 TCP_DENIED/200 0 CONNECT 208.64.202.87:443 - HIER_NONE/- -
[Fri Jan 25 06:50:10 2019].516      0 192.168.50.10 TCP_DENIED/200 0 CONNECT 208.64.202.87:443 - HIER_NONE/- -
[Fri Jan 25 06:50:10 2019].530      0 192.168.50.10 TCP_DENIED/200 0 CONNECT 208.64.202.87:443 - HIER_NONE/- -
[Fri Jan 25 06:50:10 2019].537      0 192.168.50.10 TAG_NONE/403 3806 GET https://partner.steam-api.com/ - HIER_NONE/- text/html
[Fri Jan 25 06:50:10 2019].568      0 192.168.50.10 TCP_DENIED/200 0 CONNECT 208.64.202.87:443 - HIER_NONE/- -
[Fri Jan 25 06:50:10 2019].576      0 192.168.50.10 TCP_DENIED/200 0 CONNECT 208.64.202.87:443 - HIER_NONE/- -
[Fri Jan 25 06:50:10 2019].583      0 192.168.50.10 TAG_NONE/403 3806 GET http://berezin:0/squid-internal-static/icons/SN.png - HIER_NONE/- text/html
 
in browser i have are error
 
squid error the requested url could not be retrieved
the following error was encountered while trying to retrieve the url https://208.64.202.87
 
if i add 208.64.202.87 in acl test dstdomain
everything is good and I connect to partner.steam-api.com
 
 
but the address at the end partner.steam-api.com  can be dynamic and constantly changing, so I need a connection by name
tell me what is my mistake?
 
-- 
С Уважением,
Александр Александрович Березин
 
With respect,
Alexander Alexandrovich Berezin
 
 
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux