On 23/07/20 3:27 pm, David A. Gershman wrote: > Hello again, > > After further testing, the looks like the only thing being regex'd > against is the domain name. I shrunk the RE down to just: > > acl user_allowed url_regex http # nothing more, just 'http' > > and it /*still*/ failed!!! It's as if the "whole url" (claimed by the > docs) is /not/ being compared against. I'm just posting this here as an > FYI...no solution has been found. :( > Squid uses basic regex without extensions - the basic operators that work in both GNU regex and POSIX regex can be expected to work. Your mistake is thinking that URL always looks like "https://example.com/";. For HTTPS traffic going through an HTTP proxy the URL is in authority-form which looks like "example.com:443". <https://tools.ietf.org/html/rfc7230#section-5.3.3> > > On 7/22/20 7:22 PM, David A. Gershman wrote: >> Hello, >> >> I have the following in my config file: >> >> acl user_allowed url_regex ^https://example\.com/ >> >> but surfing to that site fails (authentication works fine). My >> ultimate goal is to have an RE comparable to the PCRE of: >> >> ^https?:\/\/.*?example\.com\/ >> >> While the PCRE works just fine in other tools (my own scripts, online, >> etc.), I was unable to get it to work within Squid3. As I stripped >> away pieces of the RE in the config file, the only RE which seemed to >> work was: >> >> example\.com >> >> ...not even having the ending '/'. However, this obviously does not >> meet my needs. >> To get to the scheme and path information for HTTPS traffic you need SSL-Bump functionality built into the proxy and configured to decrypt the TLS traffic layer. OpenSSL license currently (soon to change, yay!) does not permit Debian to distribute a Squid binary package with that feature enabled so you will have to rebuild the squid package yourself with relevant additions or install a package from an independent repository. >> I'm on Debian 10 and am unable to determine which RE library Debian >> compiled Squid3 against (I've got a Tweet out to them to see if they >> can point me in the right direction). Squid3 has been removed from Debian long ago. You should be using "squid" package these days which is Squid-4 on all current Debian. HTH Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
