On 8/5/22 05:10, Adam Barnett wrote:
maybe i am doing something wrong, here is my config
ssl_bump splice ... ssl_bump bump dst_quixel ssl_bump peek dst_quixel ssl_bump stare dst_quixel
The combination of the last three ssl_bump rules does not make sense because Squid will never reach those peek and stare rules. The bump rule can be applied during any SslBump step, so Squid will not see any same-ACL ssl_bump directives below it -- the first matching rule (that can be applied during the current step) wins.
I do not know what logic you are trying to express with those rules, but the above configuration does not express that (or any) logic well. I hope Eliezer can guide you towards a reasonable solution here.
HTH, Alex.
On Thu, 4 Aug 2022 at 22:58, <ngtech1ltd@xxxxxxxxx <mailto:ngtech1ltd@xxxxxxxxx>> wrote:Please don’t bang your head… everybody is here for you.____ Sometimes it takes time to respond but you will get your answers.____ __ __ https://www.ngtech.co.il/squid/support-save/support-save-2022-08-05_00-51-47.tar.gz <https://www.ngtech.co.il/squid/support-save/support-save-2022-08-05_00-51-47.tar.gz>____ __ __ Is not the fastest connection and it has a blacklist in the DB dump so for now it’s a production system but works good enough for me.____ I hope it’s not too much information in the support save file.____ __ __ Let me know if it makes more sense for you.____ AlsoI am happy that you have asked this question since now others can enjoy from the answer 😊____ __ __ Eliezer____ __ __ ----____ Eliezer Croitoru____ NgTech, Tech Support____ Mobile: +972-5-28704261____ Email: ngtech1ltd@xxxxxxxxx <mailto:ngtech1ltd@xxxxxxxxx>____ Web: https://ngtech.co.il/ <https://ngtech.co.il/>____ My-Tube: https://tube.ngtech.co.il/ <https://tube.ngtech.co.il/>____ __ __ *From:*Adam Barnett <abarnett@xxxxxxxxxx <mailto:abarnett@xxxxxxxxxx>> *Sent:* Friday, 5 August 2022 0:44 *To:* ngtech1ltd@xxxxxxxxx <mailto:ngtech1ltd@xxxxxxxxx> *Cc:* squid-users@xxxxxxxxxxxxxxxxxxxxx <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx> *Subject:* Re: Squid and Epic Games HCapctca____ __ __ Sure, the more the beter, ive been banging my head against the wall for a while on this____ __ __ Adam ____ __ __ On Thu, 4 Aug 2022 at 22:41, <ngtech1ltd@xxxxxxxxx <mailto:ngtech1ltd@xxxxxxxxx>> wrote:____ You are welcome.____ ____ I wrote an app that does everything for me so I just need to dump the database into a:____ ssl::server_namedirective____ ____ it’s basically:____ ## START____ aclNoBump_server_name ssl::server_name "/etc/squid/no-ssl-bump-server-name.list"____ ____ acltls_to_splice any-of inspect_only NoBump_src NoBump_server_name NoBump_server_regex_by_urls_domain NoBump_server_regex____ ____ ssl_bumppeek app_matcher_helper____ ssl_bumppeek tls_s1_connect____ ____ ssl_bumpbump app_matcher_helper____ ssl_bumpbump app_reader_helper____ ssl_bumpbump deny_note____ ____ ssl_bumpsplice app_matcher_helper____ ssl_bumpsplice tls_to_splice____ ____ ssl_bumpstare app_matcher_helper____ ssl_bumpstare tls_s2_client_hello____ ____ ssl_bumpbump app_matcher_helper____ ssl_bumpbump tls_to_bump____ ## END____ ____ If you want I can upload a snippet of the whole setup dump with hope you could make use of it.____ ____ Eliezer____ ____ ----____ Eliezer Croitoru____ NgTech, Tech Support____ Mobile: +972-5-28704261____ Email: ngtech1ltd@xxxxxxxxx <mailto:ngtech1ltd@xxxxxxxxx>____ Web: https://ngtech.co.il/ <https://ngtech.co.il/>____ My-Tube: https://tube.ngtech.co.il/ <https://tube.ngtech.co.il/>____ ____ *From:*Adam Barnett <abarnett@xxxxxxxxxx <mailto:abarnett@xxxxxxxxxx>> *Sent:* Friday, 5 August 2022 0:26 *To:* ngtech1ltd@xxxxxxxxx <mailto:ngtech1ltd@xxxxxxxxx> *Cc:* squid-users@xxxxxxxxxxxxxxxxxxxxx <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx> *Subject:* Re: Squid and Epic Games HCapctca____ ____ תודה רבה It looks like you are using a database and then building the config from that? any cahnce you can send me the snippet of the config instead of the DB bits? ? ____ ____ Thanks again ____ ____ Adam ____ ____ On Thu, 4 Aug 2022 at 22:18, <ngtech1ltd@xxxxxxxxx <mailto:ngtech1ltd@xxxxxxxxx>> wrote:____ Hey Adam,____ ____ I recorded a video for you on how I do it at:____ https://cloud1.ngtech.co.il/static/squid-data/splice-epic-games.mp4 <https://cloud1.ngtech.co.il/static/squid-data/splice-epic-games.mp4>____ ____ So basically the relevant domains are:____ ____ epicgames-download1.akamaized.net <http://epicgames-download1.akamaized.net>____ .epicgames.com <http://epicgames.com>____ .unrealengine.com <http://unrealengine.com>____ ____ And you can peek at robert k Wild mail: “regex for normal websites”____ ____ And it contains the relevant technical details.____ If for any reason you need a more detailed answer let me know.____ ____ Yours,____ Eliezer ____ ____ ----____ Eliezer Croitoru____ NgTech, Tech Support____ Mobile: +972-5-28704261____ Email: ngtech1ltd@xxxxxxxxx <mailto:ngtech1ltd@xxxxxxxxx>____ Web: https://ngtech.co.il/ <https://ngtech.co.il/>____ My-Tube: https://tube.ngtech.co.il/ <https://tube.ngtech.co.il/>____ ____ *From:*squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx <mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx>> *On Behalf Of *Adam Barnett *Sent:* Thursday, 4 August 2022 14:28 *To:* squid-users@xxxxxxxxxxxxxxxxxxxxx <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx> *Subject:* Squid and Epic Games HCapctca____ ____ Hi All, ____ ____ I am trying to get squid to allow me to login to Epicgames.com with my epic login, i get to the login page and get the hcaptca images and everytime i get "invalid response" ____ ____ i looked at the headers and the only error that i can see is "The cache information is missing from the entry" ____ ____ My config looks like so workers 2 ``` # Leave coredumps in the first cache dir coredump_dir /var/spool/squid http_port 3128 ssl-bump dynamic_cert_mem_cache_size=16MB generate-host-certificates=on cert=/etc/squid/certs/squid-ca-cert-key.pem sslcrtd_program /usr/lib64/squid/security_file_certgen -s /var/spool/squid/ssl -M 16MB dns_nameservers 10.5.1.2 8.8.8.8 visible_hostname foo-proxy-1 forwarded_for truncate via off # Send to file access_log daemon:/var/log/squid/access.log acl CONNECT method CONNECT acl local src 10.0.0.0/8 <http://10.0.0.0/8> always_direct allow all request_header_add X-GoogApps-Allowed-Domains "foo.com <http://foo.com>" all memory_replacement_policy heap GDSF maximum_object_size 100 KB maximum_object_size 1 MB cache allow all cache_mem 256 MB cache_dir rock /var/spool/squid 1024 memory_pools off cache_swap_low 90 client_persistent_connections on http_access allow localhost manager http_access deny manager # SquidGaurd url_rewrite_program /usr/bin/squidGuard ``` Any suggestions? ____ ____ Thanks____ Adam Barnett Senior SysAdmin beloFX____ **____ ____ abarnett@xxxxxxxxxx <https://514584150-atari-embeds.googleusercontent.com/embeds/16cb204cf3a9d4d223a0a3fd8b0eec5d/inner-frame-minified.html?jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.dzXZWX9QTbE.O%2Fd%3D1%2Frs%3DAHpOoo_epIQDPHdjFr3MLkazUi2Jmy50dQ%2Fm%3D__features__>____ **____ ____ www.belofx.com <http://www.belofx.com/>____ **____ ____ LinkedIn <http://www.linkedin.com/company/belofx>____ ____ _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
