Search squid archive

Re: Squid and Epic Games HCapctca

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi 

Thanks for the config, but maybe i am doing something wrong, here is my config

```
workers 2

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

http_port 3128 ssl-bump dynamic_cert_mem_cache_size=16MB  generate-host-certificates=on cert=/etc/squid/certs/squid-ca-cert-key.pem
sslcrtd_program /usr/lib64/squid/security_file_certgen -s /var/spool/squid/ssl -M 16MB
tls_outgoing_options options=NO_SSLv3,SINGLE_DH_USE
dns_nameservers 10.5.1.2 8.8.8.8
visible_hostname can-proxy-1
forwarded_for delete
via off
host_verify_strict off
dns_v4_first on
client_dst_passthru on
read_ahead_gap 64 MB
shutdown_lifetime 10 seconds


# Send to file
access_log daemon:/var/log/squid/access.log


acl CONNECT method CONNECT

acl CONNECT method CONNECT
acl local src 10.0.0.0/8
always_direct allow all
request_header_add X-GoogApps-Allowed-Domains "belofx.com" all

memory_replacement_policy heap GDSF
maximum_object_size 100 KB
maximum_object_size 1 MB

cache allow all
cache_mem 256 MB
cache_dir rock /var/spool/squid 1024
memory_pools off
cache_swap_low 90
client_persistent_connections off



http_access allow localhost manager
http_access deny manager

# SquidGaurd
url_rewrite_program /usr/bin/squidGuard


acl fetched_certificate transaction_initiator certificate-fetching

acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_step SslBump3

acl tls_s1_connect at_step SslBump1
acl tls_s2_client_hello at_step SslBump2
acl tls_s3_server_hello at_step SslBump3


http_access allow fetched_certificate
acl bump_note note bump 1
acl splice_note note splice 1


acl dst_quixel url_regex epicgames.com
http_access allow local dst_quixel

ssl_bump splice dst_shotgrid dst_misc_urls_pac dst_keybase dst_quixel dst_adobe_cc dst_maxon dst_msupdates maxon_ip
ssl_bump bump dst_quixel
ssl_bump peek dst_quixel
ssl_bump stare dst_quixel
strip_query_terms off



always_direct allow all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER

# Block everythng else
http_access deny all
```
Thanks

On Thu, 4 Aug 2022 at 22:58, <ngtech1ltd@xxxxxxxxx> wrote:

Please don’t bang your head… everybody is here for you.

Sometimes it takes time to respond but you will get your answers.

 

https://www.ngtech.co.il/squid/support-save/support-save-2022-08-05_00-51-47.tar.gz

 

Is not the fastest connection and it has a blacklist in the DB dump so for now it’s a production system but works good enough for me.

I hope it’s not too much information in the support save file.

 

Let me know if it makes more sense for you.

Also I am happy that you have asked this question since now others can enjoy from the answer 😊

 

Eliezer

 

----

Eliezer Croitoru

NgTech, Tech Support

Mobile: +972-5-28704261

Email: ngtech1ltd@xxxxxxxxx

Web: https://ngtech.co.il/

My-Tube: https://tube.ngtech.co.il/

 

From: Adam Barnett <abarnett@xxxxxxxxxx>
Sent: Friday, 5 August 2022 0:44
To: ngtech1ltd@xxxxxxxxx
Cc: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: Squid and Epic Games HCapctca

 

Sure, the more the beter, ive been banging my head against the wall for a while on this

 

Adam 

 

On Thu, 4 Aug 2022 at 22:41, <ngtech1ltd@xxxxxxxxx> wrote:

You are welcome.

 

I wrote an app that does everything for me so I just need to dump the database into a:

ssl::server_name directive

 

it’s basically:

## START

acl NoBump_server_name ssl::server_name "/etc/squid/no-ssl-bump-server-name.list"

 

acl tls_to_splice any-of inspect_only NoBump_src NoBump_server_name NoBump_server_regex_by_urls_domain NoBump_server_regex

 

ssl_bump peek app_matcher_helper

ssl_bump peek tls_s1_connect

 

ssl_bump bump app_matcher_helper

ssl_bump bump app_reader_helper

ssl_bump bump deny_note

 

ssl_bump splice app_matcher_helper

ssl_bump splice tls_to_splice

 

ssl_bump stare app_matcher_helper

ssl_bump stare tls_s2_client_hello

 

ssl_bump bump app_matcher_helper

ssl_bump bump tls_to_bump

## END

 

If you want I can upload a snippet of the whole setup dump with hope you could make use of it.

 

Eliezer

 

----

Eliezer Croitoru

NgTech, Tech Support

Mobile: +972-5-28704261

Email: ngtech1ltd@xxxxxxxxx

Web: https://ngtech.co.il/

My-Tube: https://tube.ngtech.co.il/

 

From: Adam Barnett <abarnett@xxxxxxxxxx>
Sent: Friday, 5 August 2022 0:26
To: ngtech1ltd@xxxxxxxxx
Cc: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [squid-users] Squid and Epic Games HCapctca

 

תודה רבה
It looks like you are using a database and then building the config from that? any cahnce you can send me the snippet of the config instead of the DB bits? ? 

 

Thanks again 

 

Adam 

 

On Thu, 4 Aug 2022 at 22:18, <ngtech1ltd@xxxxxxxxx> wrote:

Hey Adam,

 

I recorded a video for you on how I do it at:

https://cloud1.ngtech.co.il/static/squid-data/splice-epic-games.mp4

 

So basically the relevant domains are:

 

epicgames-download1.akamaized.net

.epicgames.com

.unrealengine.com

 

And you can peek at robert k Wild mail: “regex for normal websites”

 

And it contains the relevant technical details.

If for any reason you need a more detailed answer let me know.

 

Yours,

Eliezer

 

----

Eliezer Croitoru

NgTech, Tech Support

Mobile: +972-5-28704261

Email: ngtech1ltd@xxxxxxxxx

Web: https://ngtech.co.il/

My-Tube: https://tube.ngtech.co.il/

 

From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Adam Barnett
Sent: Thursday, 4 August 2022 14:28
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Squid and Epic Games HCapctca

 

Hi All, 

 

I am trying to get squid to allow me to login to Epicgames.com with my epic login, i get to the login page and get the hcaptca images and everytime i get "invalid response" 

 

i looked at the headers and the only error that i can see is "The cache information is missing from the entry" 

 

My config looks like so 

workers 2

```
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

http_port 3128 ssl-bump  dynamic_cert_mem_cache_size=16MB  generate-host-certificates=on cert=/etc/squid/certs/squid-ca-cert-key.pem

sslcrtd_program /usr/lib64/squid/security_file_certgen -s /var/spool/squid/ssl -M 16MB
dns_nameservers 10.5.1.2 8.8.8.8
visible_hostname foo-proxy-1
forwarded_for truncate
via off

# Send to file
access_log daemon:/var/log/squid/access.log



acl CONNECT method CONNECT
acl local src 10.0.0.0/8
always_direct allow all
request_header_add X-GoogApps-Allowed-Domains "foo.com" all

memory_replacement_policy heap GDSF
maximum_object_size 100 KB
maximum_object_size 1 MB

cache allow all
cache_mem 256 MB
cache_dir rock /var/spool/squid 1024
memory_pools off
cache_swap_low 90
client_persistent_connections on


http_access allow localhost manager
http_access deny manager

# SquidGaurd
url_rewrite_program /usr/bin/squidGuard
```

Any suggestions? 

 

Thanks

Adam Barnett
Senior SysAdmin beloFX

 

abarnett@xxxxxxxxxx

 

www.belofx.com

 

LinkedIn

 

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux