Search squid archive

Re: Splice certain SNIs which served by the same IP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hey Ben,

 

I have seen your email however didn’t had enough time to respond.

I and others need some free time…

I am more then willing to test this issue in my local test environment.

I can test it on Oracle Enterprise Linux 8 with the latest 4.x version.

We can simplify things by creating a very specific environment without any unknowns.

You will need to provide the full details of the testing setup and the content of:

acl NoSSLIntercept ssl::server_name  "/usr/local/squid/etc/url-no-bump"
acl NoSSLInterceptRegexp ssl::server_name_regex -i "/usr/local/squid/etc/url-no-bump-regexp"

In my environment it works as expected without any issues while I am not user ssl::server_name_regex

The docs clearly state:

        acl aclname ssl::server_name_regex [-i] \.foo\.com ...

          # regex matches server name obtained from various sources [fast]

 

 

So you should try to use:

        acl aclname ssl::server_name [option] .foo.com ...
          # matches server name obtained from various sources [fast]

 

Instead as a starter point.

 

I understand you need some help but I and others have other obligations in life so it would happen from time to time

that someone is not free to try and help you.

 

All The Bests,

Eliezer

 

  • If someone would have provided me with enough food and other living expenses I might have been free enough to help you.

 

----

Eliezer Croitoru

NgTech, Tech Support

Mobile: +972-5-28704261

Email: ngtech1ltd@xxxxxxxxx

 

From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Ben Goz
Sent: Thursday, February 17, 2022 14:47
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: Splice certain SNIs which served by the same IP

 

By the help of God.

Any insights?

 

Thanks,

Ben

 

‫בתאריך יום ב׳, 14 בפבר׳ 2022 ב-15:49 מאת ‪Ben Goz‏ <‪ben.goz87@xxxxxxxxx‏>:

By the help of God.

 

Hi,

Ny squid version is 4.15, using it on tproxy configuration.

 

I'm using ssl bump to intercept https connection, but I want to splice several domains.

I have a problem that when I'm splicing some google domains eg. youtube.com then

gmail.com domain also spliced.

 

I know that it is very common for google servers to host multiple domains on single server.

And I suspect that when I'm splicing for example youtube.com it'll also splices google.com.

 

 Here are my squid configurations for the ssl bump:

 

https_port xxxx ssl-bump tproxy generate-host-certificates=on options=ALL dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/etc/ssl_cert/myCA.pem dhparams=/usr/local/squid/etc/dhparam.pem sslflags=NO_DEFAULT_CA

acl DiscoverSNIHost at_step SslBump1

acl NoSSLIntercept ssl::server_name  "/usr/local/squid/etc/url-no-bump"
acl NoSSLInterceptRegexp ssl::server_name_regex -i "/usr/local/squid/etc/url-no-bump-regexp"
ssl_bump splice NoSSLInterceptRegexp_always
ssl_bump splice NoSSLIntercept
ssl_bump splice NoSSLInterceptRegexp
ssl_bump peek DiscoverSNIHost
ssl_bump bump all

 

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux