By the help of God.
Hi,
Ny squid version is 4.15, using it on tproxy configuration.
I'm using ssl bump to intercept https connection, but I want to splice several domains.
I have a problem that when I'm splicing some google domains eg. youtube.com then
gmail.com domain also spliced.
I know that it is very common for google servers to host multiple domains on single server.
And I suspect that when I'm splicing for example youtube.com it'll also splices google.com.
Here are my squid configurations for the ssl bump:
https_port xxxx ssl-bump tproxy generate-host-certificates=on options=ALL dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/etc/ssl_cert/myCA.pem dhparams=/usr/local/squid/etc/dhparam.pem sslflags=NO_DEFAULT_CA
acl DiscoverSNIHost at_step SslBump1
acl NoSSLIntercept ssl::server_name "/usr/local/squid/etc/url-no-bump"
acl NoSSLInterceptRegexp ssl::server_name_regex -i "/usr/local/squid/etc/url-no-bump-regexp"
ssl_bump splice NoSSLInterceptRegexp_always
ssl_bump splice NoSSLIntercept
ssl_bump splice NoSSLInterceptRegexp
ssl_bump peek DiscoverSNIHost
ssl_bump bump all
acl DiscoverSNIHost at_step SslBump1
acl NoSSLIntercept ssl::server_name "/usr/local/squid/etc/url-no-bump"
acl NoSSLInterceptRegexp ssl::server_name_regex -i "/usr/local/squid/etc/url-no-bump-regexp"
ssl_bump splice NoSSLInterceptRegexp_always
ssl_bump splice NoSSLIntercept
ssl_bump splice NoSSLInterceptRegexp
ssl_bump peek DiscoverSNIHost
ssl_bump bump all
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
