Search squid archive

Re: Squid and Epic Games HCapctca

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 8/5/22 05:10, Adam Barnett wrote:
maybe i am doing something wrong, here is my config

ssl_bump splice ...
ssl_bump bump dst_quixel
ssl_bump peek dst_quixel
ssl_bump stare dst_quixel


The combination of the last three ssl_bump rules does not make sense because Squid will never reach those peek and stare rules. The bump rule can be applied during any SslBump step, so Squid will not see any same-ACL ssl_bump directives below it -- the first matching rule (that can be applied during the current step) wins.

I do not know what logic you are trying to express with those rules, but the above configuration does not express that (or any) logic well. I hope Eliezer can guide you towards a reasonable solution here.


HTH,

Alex.




On Thu, 4 Aug 2022 at 22:58, <ngtech1ltd@xxxxxxxxx <mailto:ngtech1ltd@xxxxxxxxx>> wrote:

    Please don’t bang your head… everybody is here for you.____

    Sometimes it takes time to respond but you will get your answers.____

    __ __

    https://www.ngtech.co.il/squid/support-save/support-save-2022-08-05_00-51-47.tar.gz
    <https://www.ngtech.co.il/squid/support-save/support-save-2022-08-05_00-51-47.tar.gz>____

    __ __

    Is not the fastest connection and it has a blacklist in the DB dump
    so for now it’s a production system but works good enough for me.____

    I hope it’s not too much information in the support save file.____

    __ __

    Let me know if it makes more sense for you.____

    AlsoI am happy that you have asked this question since now others
    can enjoy from the answer 😊____

    __ __

    Eliezer____

    __ __

    ----____

    Eliezer Croitoru____

    NgTech, Tech Support____

    Mobile: +972-5-28704261____

    Email: ngtech1ltd@xxxxxxxxx <mailto:ngtech1ltd@xxxxxxxxx>____

    Web: https://ngtech.co.il/ <https://ngtech.co.il/>____

    My-Tube: https://tube.ngtech.co.il/ <https://tube.ngtech.co.il/>____

    __ __

    *From:*Adam Barnett <abarnett@xxxxxxxxxx <mailto:abarnett@xxxxxxxxxx>>
    *Sent:* Friday, 5 August 2022 0:44
    *To:* ngtech1ltd@xxxxxxxxx <mailto:ngtech1ltd@xxxxxxxxx>
    *Cc:* squid-users@xxxxxxxxxxxxxxxxxxxxx
    <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>
    *Subject:* Re:  Squid and Epic Games HCapctca____

    __ __

    Sure, the more the beter, ive been banging my head against the wall
    for a while on this____

    __ __

    Adam ____

    __ __

    On Thu, 4 Aug 2022 at 22:41, <ngtech1ltd@xxxxxxxxx
    <mailto:ngtech1ltd@xxxxxxxxx>> wrote:____

        You are welcome.____

        ____

        I wrote an app that does everything for me so I just need to
        dump the database into a:____

        ssl::server_namedirective____

        ____

        it’s basically:____

        ## START____

        aclNoBump_server_name ssl::server_name
        "/etc/squid/no-ssl-bump-server-name.list"____

        ____

        acltls_to_splice any-of inspect_only NoBump_src
        NoBump_server_name NoBump_server_regex_by_urls_domain
        NoBump_server_regex____

        ____

        ssl_bumppeek app_matcher_helper____

        ssl_bumppeek tls_s1_connect____

        ____

        ssl_bumpbump app_matcher_helper____

        ssl_bumpbump app_reader_helper____

        ssl_bumpbump deny_note____

        ____

        ssl_bumpsplice app_matcher_helper____

        ssl_bumpsplice tls_to_splice____

        ____

        ssl_bumpstare app_matcher_helper____

        ssl_bumpstare tls_s2_client_hello____

        ____

        ssl_bumpbump app_matcher_helper____

        ssl_bumpbump tls_to_bump____

        ## END____

        ____

        If you want I can upload a snippet of the whole setup dump with
        hope you could make use of it.____

        ____

        Eliezer____

        ____

        ----____

        Eliezer Croitoru____

        NgTech, Tech Support____

        Mobile: +972-5-28704261____

        Email: ngtech1ltd@xxxxxxxxx <mailto:ngtech1ltd@xxxxxxxxx>____

        Web: https://ngtech.co.il/ <https://ngtech.co.il/>____

        My-Tube: https://tube.ngtech.co.il/ <https://tube.ngtech.co.il/>____

        ____

        *From:*Adam Barnett <abarnett@xxxxxxxxxx
        <mailto:abarnett@xxxxxxxxxx>>
        *Sent:* Friday, 5 August 2022 0:26
        *To:* ngtech1ltd@xxxxxxxxx <mailto:ngtech1ltd@xxxxxxxxx>
        *Cc:* squid-users@xxxxxxxxxxxxxxxxxxxxx
        <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>
        *Subject:* Re:  Squid and Epic Games HCapctca____

        ____

        תודה רבה
        It looks like you are using a database and then building the
        config from that? any cahnce you can send me the snippet of the
        config instead of the DB bits? ? ____

        ____

        Thanks again ____

        ____

        Adam ____

        ____

        On Thu, 4 Aug 2022 at 22:18, <ngtech1ltd@xxxxxxxxx
        <mailto:ngtech1ltd@xxxxxxxxx>> wrote:____

            Hey Adam,____

            ____

            I recorded a video for you on how I do it at:____

            https://cloud1.ngtech.co.il/static/squid-data/splice-epic-games.mp4
            <https://cloud1.ngtech.co.il/static/squid-data/splice-epic-games.mp4>____

            ____

            So basically the relevant domains are:____

            ____

            epicgames-download1.akamaized.net
            <http://epicgames-download1.akamaized.net>____

            .epicgames.com <http://epicgames.com>____

            .unrealengine.com <http://unrealengine.com>____

            ____

            And you can peek at robert k Wild mail: “regex for normal
            websites”____

            ____

            And it contains the relevant technical details.____

            If for any reason you need a more detailed answer let me
            know.____

            ____

            Yours,____

            Eliezer ____

            ____

            ----____

            Eliezer Croitoru____

            NgTech, Tech Support____

            Mobile: +972-5-28704261____

            Email: ngtech1ltd@xxxxxxxxx <mailto:ngtech1ltd@xxxxxxxxx>____

            Web: https://ngtech.co.il/ <https://ngtech.co.il/>____

            My-Tube: https://tube.ngtech.co.il/
            <https://tube.ngtech.co.il/>____

            ____

            *From:*squid-users
            <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx
            <mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx>> *On
            Behalf Of *Adam Barnett
            *Sent:* Thursday, 4 August 2022 14:28
            *To:* squid-users@xxxxxxxxxxxxxxxxxxxxx
            <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>
            *Subject:*  Squid and Epic Games HCapctca____

            ____

            Hi All, ____

            ____

            I am trying to get squid to allow me to login to
            Epicgames.com with my epic login, i get to the login page
            and get the hcaptca images and everytime i get "invalid
            response" ____

            ____

            i looked at the headers and the only error that i can see is
            "The cache information is missing from the entry" ____

            ____

            My config looks like so

            workers 2

            ```
            # Leave coredumps in the first cache dir
            coredump_dir /var/spool/squid

            http_port 3128 ssl-bump  dynamic_cert_mem_cache_size=16MB
              generate-host-certificates=on
            cert=/etc/squid/certs/squid-ca-cert-key.pem

            sslcrtd_program /usr/lib64/squid/security_file_certgen -s
            /var/spool/squid/ssl -M 16MB
            dns_nameservers 10.5.1.2 8.8.8.8
            visible_hostname foo-proxy-1
            forwarded_for truncate
            via off

            # Send to file
            access_log daemon:/var/log/squid/access.log



            acl CONNECT method CONNECT
            acl local src 10.0.0.0/8 <http://10.0.0.0/8>
            always_direct allow all
            request_header_add X-GoogApps-Allowed-Domains "foo.com
            <http://foo.com>" all

            memory_replacement_policy heap GDSF
            maximum_object_size 100 KB
            maximum_object_size 1 MB

            cache allow all
            cache_mem 256 MB
            cache_dir rock /var/spool/squid 1024
            memory_pools off
            cache_swap_low 90
            client_persistent_connections on


            http_access allow localhost manager
            http_access deny manager

            # SquidGaurd
            url_rewrite_program /usr/bin/squidGuard
            ```

            Any suggestions? ____

            ____

            Thanks____

            Adam Barnett
            Senior SysAdmin beloFX____

            **____

            	

            ____

            	

            abarnett@xxxxxxxxxx
            <https://514584150-atari-embeds.googleusercontent.com/embeds/16cb204cf3a9d4d223a0a3fd8b0eec5d/inner-frame-minified.html?jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.dzXZWX9QTbE.O%2Fd%3D1%2Frs%3DAHpOoo_epIQDPHdjFr3MLkazUi2Jmy50dQ%2Fm%3D__features__>____

            **____

            	

            ____

            	

            www.belofx.com <http://www.belofx.com/>____

            **____

            	

            ____

            	

            LinkedIn <http://www.linkedin.com/company/belofx>____

            ____


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux