Re: Splice certain SNIs which served by the same IP

"Eliezer Croitoru" <ngtech1ltd@xxxxxxxxx> · Sun, 20 Feb 2022 13:32:38 +0200

Hey Ben,

I have seen your email however didn’t had enough time to respond.
I and others need some free time…
I am more then willing to test this issue in my local test environment.
I can test it on Oracle Enterprise Linux 8 with the latest 4.x version.
We can simplify things by creating a very specific environment without any unknowns.
You will need to provide the full details of the testing setup and the content of:
acl NoSSLIntercept ssl::server_name  "/usr/local/squid/etc/url-no-bump"
acl NoSSLInterceptRegexp ssl::server_name_regex -i "/usr/local/squid/etc/url-no-bump-regexp"

In my environment it works as expected without any issues while I am not user ssl::server_name_regex
The docs clearly state:
        acl aclname ssl::server_name_regex [-i] \.foo\.com ...
          # regex matches server name obtained from various sources [fast]

So you should try to use:
        acl aclname ssl::server_name [option] .foo.com ...
          # matches server name obtained from various sources [fast]

Instead as a starter point.

I understand you need some help but I and others have other obligations in life so it would happen from time to time
that someone is not free to try and help you.

All The Bests,
Eliezer

If someone would have provided me with enough food and other living expenses I might have been free enough to help you.

----
Eliezer Croitoru
NgTech, Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd@xxxxxxxxx

From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Ben Goz
Sent: Thursday, February 17, 2022 14:47
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re:  Splice certain SNIs which served by the same IP

By the help of God.
Any insights?

Thanks,
Ben

‫בתאריך יום ב׳, 14 בפבר׳ 2022 ב-15:49 מאת ‪Ben Goz‏ <‪ben.goz87@xxxxxxxxx‏>:
By the help of God.

Hi,
Ny squid version is 4.15, using it on tproxy configuration.

I'm using ssl bump to intercept https connection, but I want to splice several domains.
I have a problem that when I'm splicing some google domains eg. youtube.com then
gmail.com domain also spliced.

I know that it is very common for google servers to host multiple domains on single server.
And I suspect that when I'm splicing for example youtube.com it'll also splices google.com.

 Here are my squid configurations for the ssl bump:

https_port xxxx ssl-bump tproxy generate-host-certificates=on options=ALL dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/etc/ssl_cert/myCA.pem dhparams=/usr/local/squid/etc/dhparam.pem sslflags=NO_DEFAULT_CA

acl DiscoverSNIHost at_step SslBump1

acl NoSSLIntercept ssl::server_name  "/usr/local/squid/etc/url-no-bump"
acl NoSSLInterceptRegexp ssl::server_name_regex -i "/usr/local/squid/etc/url-no-bump-regexp"
ssl_bump splice NoSSLInterceptRegexp_always
ssl_bump splice NoSSLIntercept
ssl_bump splice NoSSLInterceptRegexp
ssl_bump peek DiscoverSNIHost
ssl_bump bump all

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users