
Re: regex for normal websites

no problem Eliezer

I'm just doing a few tests of my own on this to see why

On Tue, 2 Aug 2022 at 16:41, <ngtech1ltd@xxxxxxxxx> wrote:

Hey Robert,

It’s not a dumb question.

It’s a really fine question.

I want to answer your question but I have a couple of obligations.

If you are willing to wait a couple of days I will probably be much freer and will be able to sit and understand what the answer is and then answer properly.

For a great question deserves a great answer.

Yours,

Eliezer

 

----

Eliezer Croitoru

NgTech, Tech Support

Mobile: +972-5-28704261

Email: ngtech1ltd@xxxxxxxxx

Web: https://ngtech.co.il/

My-Tube: https://tube.ngtech.co.il/

 

From: robert k Wild <robertkwild@xxxxxxxxx>
Sent: Tuesday, 2 August 2022 18:24
To: Eliezer Croitoru <ngtech1ltd@xxxxxxxxx>
Cc: Squid Users <squid-users@xxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [squid-users] regex for normal websites

 

mmm... so i just want to know and really sorry for the dumb question, so

adobe\.com$

works but then again if a website was eg

hackadobe\.com$

that would work as well probably, so i want to do something like this

\.adobe\.com$

ie put a dot . in front of adobe so

would work but then

hackadobe\.com$

would no longer work


On Tue, 2 Aug 2022 at 15:27, <ngtech1ltd@xxxxxxxxx> wrote:

Hey Robert,

 

I will test this with latest squid and my Apps helper and will verify.

 

Thanks,

Eliezer

 

----

Eliezer Croitoru

NgTech, Tech Support

Mobile: +972-5-28704261

Email: ngtech1ltd@xxxxxxxxx

Web: https://ngtech.co.il/

My-Tube: https://tube.ngtech.co.il/

 

From: robert k Wild <robertkwild@xxxxxxxxx>
Sent: Tuesday, 2 August 2022 15:15
To: Eliezer Croitoru <ngtech1ltd@xxxxxxxxx>
Cc: Squid Users <squid-users@xxxxxxxxxxxxxxxxxxxxx>
Subject: Re: regex for normal websites

 

ok i have tested and this works

adobe\.com$

i found it weird this didn't work

\.adobe\.com

just curious that's all

 

On Tue, 2 Aug 2022 at 13:05, <ngtech1ltd@xxxxxxxxx> wrote:

I believe it should have been:

^adobe\.com$

^.*\.adobe\.com$

^\*\.adobe\.com$

But I don’t know the code to this depth.

If I would have written the match I think it would have been something a bit different.

But for some reason it’s not like that, I assume the browsers and the libraries don’t implement it for an unknown reason.

If Alex or anyone else from Factory knows the details of the ACL they can answer more than me.

 

Thanks,

Eliezer

 

----

Eliezer Croitoru

NgTech, Tech Support

Mobile: +972-5-28704261

Email: ngtech1ltd@xxxxxxxxx

Web: https://ngtech.co.il/

My-Tube: https://tube.ngtech.co.il/

 

From: robert k Wild <robertkwild@xxxxxxxxx>
Sent: Tuesday, 2 August 2022 14:51
To: Eliezer Croitoru <ngtech1ltd@xxxxxxxxx>
Cc: Squid Users <squid-users@xxxxxxxxxxxxxxxxxxxxx>
Subject: Re: regex for normal websites

 

thanks Eliezer

so it should be

adobe\.com

not

.adobe.\com or

as the ^.* could include


On Thu, 28 Jul 2022 at 08:14, <ngtech1ltd@xxxxxxxxx> wrote:

Hey Robert,

The docs at http://www.squid-cache.org/Doc/config/acl/ state:

        acl aclname ssl::server_name_regex [-i] \.foo\.com ...
          # regex matches server name obtained from various sources [fast]

I do not know exactly what that means, but it will not work with a helper in most cases.

I have found the following sources in the git:

https://github.com/squid-cache/squid/blob/bf95c10aa95bf8e56d9d8d1545cb5a3aafab0d2c/doc/release-notes/release-3.5.sgml#L414

                New types ssl::server_name  and ssl::server_name_regex
                   to match server name from various sources (CONNECT authority name,
                   TLS SNI domain, or X.509 certificate Subject Name).

Which means that there is a set of checks which the acl does and not just a domain name.

It’s also even possible that the domain name is not known in the CONNECT state of the connection.

If I remember correctly there is a possibility for browsers to use the same exact connection for multiple domains but I have not seen this yet in production.

With Squid once you bump the connection to HTTP/1.x you can make 100% sure the features of the Host header request.

At Servername.cc ie:

https://github.com/squid-cache/squid/blob/aee3523a768aff4d1e6c1195c4a401b4ef5688a0/src/acl/ServerName.cc#L81

There is a specific logic of what is done and what is matched but I am not sure what would be used in the case of:

*.adobe.com

Certificate SAN.

Specifically this part of the Common Names ie SAN:

https://github.com/squid-cache/squid/blob/aee3523a768aff4d1e6c1195c4a401b4ef5688a0/src/acl/ServerName.cc#L105

which to my understanding points to:

https://github.com/squid-cache/squid/blob/d146da3bfe7083381ae7ab38640cbfd0d2542374/src/ssl/support.cc#L195

doesn’t make any sense to me (I didn’t try that much to understand).

If someone might be able to make sense of things in a synchronic fashion it would help.

(I do not see any debugs usage there or any helping comment)

 

Thanks,

Eliezer

 

----

Eliezer Croitoru

NgTech, Tech Support

Mobile: +972-5-28704261

Email: ngtech1ltd@xxxxxxxxx

Web: https://ngtech.co.il/

My-Tube: https://tube.ngtech.co.il/

 

From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of robert k Wild
Sent: Wednesday, 27 July 2022 13:52
To: Squid Users <squid-users@xxxxxxxxxxxxxxxxxxxxx>
Subject: Re: regex for normal websites

 

that's the weird thing, when i try this in "ssl::server_name_regex"

it doesn't work

you mean escape ie the \ character


On Wed, 27 Jul 2022 at 11:05, Matus UHLAR - fantomas <uhlar@xxxxxxxxxxx> wrote:

On 27.07.22 10:54, robert k Wild wrote:
>think i got it right but just want to double check with you guys
>
>so in my "ssl::server_name" i had
>.adobe.com
>
>that worked but i want to mix normal website and regex websites together so
>i just have one list for all

didn't the above work?  AFAIK it should, IIRC domain matching in squid
matches "domain.com" if you check for ".domain.com".

>i now have this for "ssl::server_name_regex"
>^.*adobe.com$
>
>it works, so im guessing its right

the dot should be escaped


--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
BSE = Mad Cow Desease ... BSA = Mad Software Producents Desease
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users


 

--

Regards,

Robert K Wild.
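
Added example, not part of the thread and not Squid's own code: a small C program that runs the patterns discussed above against constructed server names, so the effect of the escaped dot and the leading label boundary can be checked side by side. It assumes the patterns are compiled as POSIX extended regular expressions, case-insensitively; the last pattern, `(^|\.)adobe\.com$`, is an addition that does not appear in the thread.

```c
#include <regex.h>
#include <stdio.h>

/* 1 if the POSIX extended regex `pattern` matches `name`, 0 if not,
 * -1 if the pattern fails to compile. The flags are an assumption about
 * how a proxy would compile a case-insensitive (-i) name regex. */
int name_matches(const char *pattern, const char *name)
{
    regex_t re;
    int hit;

    if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB | REG_ICASE) != 0)
        return -1;
    hit = (regexec(&re, name, 0, NULL, 0) == 0);
    regfree(&re);
    return hit;
}

int main(void)
{
    /* First three patterns are from the thread; the last is added here. */
    static const char *patterns[] = {
        "^.*adobe.com$",        /* unescaped dot, no label boundary */
        "adobe\\.com$",         /* suffix match, no label boundary */
        "\\.adobe\\.com$",      /* subdomains only, misses the bare domain */
        "(^|\\.)adobe\\.com$",  /* bare domain or any subdomain */
    };
    /* Constructed server names, not taken from real traffic. */
    static const char *names[] = {
        "adobe.com", "www.adobe.com", "hackadobe.com",
        "adobexcom", "adobe.com.example.net",
    };
    size_t p, n;

    for (p = 0; p < sizeof patterns / sizeof *patterns; p++) {
        printf("%-22s", patterns[p]);
        for (n = 0; n < sizeof names / sizeof *names; n++)
            printf(" %s=%d", names[n], name_matches(patterns[p], names[n]));
        putchar('\n');
    }
    return 0;
}
```

Only the last pattern accepts both `adobe.com` and `www.adobe.com` while rejecting `hackadobe.com`; which name Squid actually feeds to the regex (CONNECT authority, SNI or certificate subject) is a separate question the thread leaves open.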

