Thanks Amos,
So does that mean for all my SSL::server_name ACLs, I should be using
SSL_bump and not http_access
On Sat, 21 May 2022, 06:10 Amos Jeffries, wrote:
> On 20/05/22 23:26, robert k Wild wrote:
> > Sorry I'm a bit thick
> >
>
> Don't be. These things beyond plain-text HTTP are
On 20/05/22 23:26, robert k Wild wrote:
Sorry I'm a bit thick
Don't be. These things beyond plain-text HTTP are unfortunately a bit
complex.
The key thing to remember is that Squid is dealing with *layers* of
protocols wrapped around each other.
This wiki page
Sorry I'm a bit thick
So I've read SSL::server_name_regex which uses sni is better than
dstdomain_regex
So I think I'm better of using the sni one then ?
On Fri, 20 May 2022, 12:20 Matus UHLAR - fantomas,
wrote:
> On 20.05.22 11:21, robert k Wild wrote:
> >So for SSL inspection, for squid to
On 20.05.22 11:21, robert k Wild wrote:
So for SSL inspection, for squid to look into the URl headers, what's the
better one
Server name or
DST domain
I thought I have explained it:
dstdom_regex is from the request, not from the SSL data.
On Fri, 20 May 2022, 11:12 Matus UHLAR -
So for SSL inspection, for squid to look into the URl headers, what's the
better one
Server name or
DST domain
Thanks,
Rob
On Fri, 20 May 2022, 11:12 Matus UHLAR - fantomas,
wrote:
> On 19.05.22 19:29, robert k Wild wrote:
> >Think I found it but, what the difference between these two
> >
>
On 19.05.22 19:29, robert k Wild wrote:
Think I found it but, what the difference between these two
acl aclname ssl::server_name_regex [-i] \.foo\.com ...
this one is taken from SNI option when squid looks at SSL handshake
parameters.
acl aclname dstdom_regex [-n] [-i] \.foo\.com ...
Think I found it but, what the difference between these two
acl aclname ssl::server_name_regex [-i] \.foo\.com ...
acl aclname dstdom_regex [-n] [-i] \.foo\.com ...
On Thu, 19 May 2022, 19:01 robert k Wild, wrote:
> Hi all,
>
> ATM in my squid.conf I have two acls, one for normal whitelist
Hi all,
ATM in my squid.conf I have two acls, one for normal whitelist urls and one
for whitelist reg ex urls, like so
#HTTP_HTTPS whitelist websites
acl whitelist ssl::server_name "/usr/local/squid/etc/urlwhite.txt"
#
#HTTP_HTTPS whitelist websites regex
acl whitelistreg