Sorry I'm a bit thick
So I've read SSL::server_name_regex which uses sni is better than dstdomain_regex
So I think I'm better of using the sni one then ?
On Fri, 20 May 2022, 12:20 Matus UHLAR - fantomas, <uhlar@xxxxxxxxxxx> wrote:
On 20.05.22 11:21, robert k Wild wrote:
>So for SSL inspection, for squid to look into the URl headers, what's the
>better one
>
>Server name or
>
>DST domain
I thought I have explained it:
dstdom_regex is from the request, not from the SSL data.
>On Fri, 20 May 2022, 11:12 Matus UHLAR - fantomas, <uhlar@xxxxxxxxxxx>
>wrote:
>
>> On 19.05.22 19:29, robert k Wild wrote:
>> >Think I found it but, what the difference between these two
>> >
>> >acl aclname ssl::server_name_regex [-i] \.foo\.com ...
>>
>> this one is taken from SNI option when squid looks at SSL handshake
>> parameters.
>>
>> >acl aclname dstdom_regex [-n] [-i] \.foo\.com ...
>>
>> this one is the one provided in clients' request, where SSL requests
>> usually
>> look like:
>>
>> CONNECT www.google.com:443 HTTP/1.0
--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Posli tento mail 100 svojim znamim - nech vidia aky si idiot
Send this email to 100 your friends - let them see what an idiot you are
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
