On 3/08/22 05:01, robert k Wild wrote:
Mmm, maybe I should try
dstdom_regex
Instead of
ssl::server_name_regex
But when you using ssl bump in your squid.conf, isn't it best to use
ssl::server_name_regex
Typically yes, or ssl::server_name.
FYI, the two ACL types do exactly the same matching algorithm. They
differ only in what detail from the traffic they match against:
* dstdomain matches:
- the domain found in HTTP request-target (aka URL or URI), or
- the reverse-DNS hostname for a raw-IP found in HTTP request-target
(aka URL or URI).
* ssl::server_name matches whichever is available from (in order of
preference):
- the request-target URL domain from decrypted HTTP(S) message, or
- the host name from SSL server certificate AltSubject, or
- the host name from TLS SNI message, or
- the domain from request-target URI of CONNECT request.
... in that order of preference for both.
HTH
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
