Search squid archive

Re: Put URLs and URL regex in one text file

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 20/05/22 23:26, robert k Wild wrote:
Sorry I'm a bit thick


Don't be. These things beyond plain-text HTTP are unfortunately a bit complex.

The key thing to remember is that Squid is dealing with *layers* of protocols wrapped around each other.

This wiki page <https://wiki.squid-cache.org/Features/SslPeekAndSplice#Terminology> documents the process as well as we can.

So I've read SSL::server_name_regex which uses sni is better than dstdomain_regex

So I think I'm better of using the sni one then ?


Neither is "better". They check different things.

Usually checking _both_ is useful since "HTTPS" is an HTTP request (with domain) wrapped inside TLS (with SNI). The two values there are usually supposed to be the same, but may not be.

The ssl_bump access controls should check ssl::server_name* ACLs.

The http_access should check dst* ACLs for HTTP message URL, and may also check ssl::* ACLs for TLS details (including the TLS server name).


HTH
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux