Hey Amos, And just to be clear: ssl::server_name_regex has the same path as ssl::server_name ? I have not read the code yet but it seems pretty obviates to me. Eliezer ---- Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1ltd@xxxxxxxxx Web: https://ngtech.co.il/ My-Tube: https://tube.ngtech.co.il/ -----Original Message----- From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Amos Jeffries Sent: Wednesday, 3 August 2022 5:10 To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: regex for normal websites On 3/08/22 05:01, robert k Wild wrote: > Mmm, maybe I should try > > dstdom_regex > > Instead of > > ssl::server_name_regex > > But when you using ssl bump in your squid.conf, isn't it best to use > > ssl::server_name_regex > Typically yes, or ssl::server_name. FYI, the two ACL types do exactly the same matching algorithm. They differ only in what detail from the traffic they match against: * dstdomain matches: - the domain found in HTTP request-target (aka URL or URI), or - the reverse-DNS hostname for a raw-IP found in HTTP request-target (aka URL or URI). * ssl::server_name matches whichever is available from (in order of preference): - the request-target URL domain from decrypted HTTP(S) message, or - the host name from SSL server certificate AltSubject, or - the host name from TLS SNI message, or - the domain from request-target URI of CONNECT request. ... in that order of preference for both. HTH Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users