Re: [squid-users] Squid 3.5.21 ssl bump and x-forward
If really needed, there is a patch here http://bugs.squid-cache.org/show_bug.cgi?id=3792 But as Amos said this patch is incomplete the CONNECT XFF header contents should also be added to the bumped request Fred ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Squid 3.5.21 ssl bump and x-forward
> > I have the same issue and racked my brain trying to find a solution. > Now, I > see there is no solution for this yet. > > I would appreciate so much if this feature were made available in the > future. > > Eduardo Carneiro > > Yes http://bugs.squid-cache.org/show_bug.cgi?id=4607 ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Squid 3.5.21 ssl bump and x-forward
Amos Jeffries wrote >>> >> >> >> Ok thank you, there is a plan to add this ? Without identification we are >> in the fog all bumped requests are only recorded with 127.0.0.1 >> > > Eventually, yes. I'm not aware of anyone actually working on it at > present though. > > Amos > > ___ > squid-users mailing list > squid-users@.squid-cache > http://lists.squid-cache.org/listinfo/squid-users I have the same issue and racked my brain trying to find a solution. Now, I see there is no solution for this yet. I would appreciate so much if this feature were made available in the future. Eduardo Carneiro -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-3-5-21-ssl-bump-and-x-forward-tp4679521p4680697.html Sent from the Squid - Users mailing list archive at Nabble.com. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Squid 3.5.21 ssl bump and x-forward
On 15/09/2016 10:54 p.m., FredB wrote: > >> >> Above are bumped requests sent inside the tunnel. Proxy #1 did not >> interact with them, so it has no way to add XFF headers. >> >> The SSL-Bump logic does not yet store some things like indirect >> client >> IP and associate them with the bumped requests. >> >> Amos >> > > > Ok thank you, there is a plan to add this ? Without identification we are in > the fog all bumped requests are only recorded with 127.0.0.1 > Eventually, yes. I'm not aware of anyone actually working on it at present though. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Squid 3.5.21 ssl bump and x-forward
> > Above are bumped requests sent inside the tunnel. Proxy #1 did not > interact with them, so it has no way to add XFF headers. > > The SSL-Bump logic does not yet store some things like indirect > client > IP and associate them with the bumped requests. > > Amos > Ok thank you, there is a plan to add this ? Without identification we are in the fog all bumped requests are only recorded with 127.0.0.1 Fred ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Squid 3.5.21 ssl bump and x-forward
On 15/09/2016 8:53 p.m., FredB wrote: > Hello, > > I'm testing SSlBump and it works good, however I'm seeing something strange > with two proxies and x-forwarded enabled to the first, some requests are > wrote with the first proxy address. > > user -> squid (fowarded_for on) -> squid (follow_x_forwarded_for allow all) > -> Net > > Here log from the second squids, on same server, (same result when there are > separate 127.0.0.1 = IP FIRST SQUID) > > 10.x.x.x.x - myaccount [15/Sep/2016:09:40:07 +0200] "CONNECT > www.google.fr:443 HTTP/1.0" 200 0 440 TAG_NONE:HIER_NONE "Mozilla/5.0 > (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0" > 10.x.x.x.x - myaccount [15/Sep/2016:09:40:07 +0200] "GET > http://www.google.fr/ HTTP/1.0" 302 643 1575 TCP_MISS:HIER_DIRECT > "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0" > 10.x.x.x.x - myaccount [15/Sep/2016:09:40:07 +0200] "CONNECT > www.google.fr:443 HTTP/1.0" 200 0 440 TAG_NONE:HIER_NONE "Mozilla/5.0 > (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0" Above are HTTP requests sent from proxy #1 to proxy #2. > 127.0.0.1 - myaccount [15/Sep/2016:09:40:07 +0200] "POST > https://www.google.fr/gen_204?atyp=i&ct=slh&cad=&ei=EVDaV-rAOcS7adLmucAF&s=3&v=2&pv=0.19272099408438004&me=4:1473925301533,e,U&zx=1473925301536 > HTTP/1.1" 204 401 1571 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; > rv:48.0) Gecko/20100101 Firefox/48.0" > 127.0.0.1 - myaccount [15/Sep/2016:09:40:08 +0200] "GET > https://www.google.fr/?gws_rd=ssl HTTP/1.1" 200 61953 1387 > TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 > Firefox/48.0" > 127.0.0.1 - myaccount [15/Sep/2016:09:40:08 +0200] "POST > https://www.google.fr/gen_204?atyp=i&ct=slh&cad=&ei=EVDaV-rAOcS7adLmucAF&s=4&v=2&pv=0.19272099408438004&me=5:1473925302218,e,H&zx=1473925302220 > HTTP/1.1" 204 401 1571 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; > rv:48.0) Gecko/20100101 Firefox/48.0" > 127.0.0.1 - myaccount [15/Sep/2016:09:40:08 +0200] "GET > https://www.google.fr/complete/search?sclient=psy-ab&site=&source=hp&q=&oq=&gs_l=&pbx=1&bav=on.2,or.r_cp.&fp=1&biw=995&bih=554&dpr=1.25&pf=p&gs_rn=64&gs_ri=psy-ab&tok=yZHeL-_L5Be_JazeSm0Mtg&cp=0&gs_id=0&xhr=t&tch=1&ech=1&psi=tVDaV7_DMsXqauCygeAF.1473925302436.1 > HTTP/1.1" 200 913 1618 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; > rv:48.0) Gecko/20100101 Firefox/48.0" > 127.0.0.1 - myaccount [15/Sep/2016:09:40:08 +0200] "GET > https://www.google.fr/gen_204?v=3&s=webhp&atyp=csi&ei=tVDaV7_DMsXqauCygeAF&imc=2&imn=2&imp=0&adh=&xjs=init.26.20.sb.18.p.3.jsa.1.abd.1.foot.1&ima=0&rt=xjsls.21,prt.41,iml.41,dcl.82,xjses.124,jraids.149,jraide.153,xjsee.185,xjs.185,ol.217,aft.41,wsrt.748,cst.1,dnst.0,rqst.522,rspt.533,rqstt.161,unt.143,cstt.144,dit.816 > HTTP/1.1" 204 401 1616 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; > rv:48.0) Gecko/20100101 Firefox/48.0" Above are bumped requests sent inside the tunnel. Proxy #1 did not interact with them, so it has no way to add XFF headers. The SSL-Bump logic does not yet store some things like indirect client IP and associate them with the bumped requests. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] Squid 3.5.21 ssl bump and x-forward
Hello, I'm testing SSlBump and it works good, however I'm seeing something strange with two proxies and x-forwarded enabled to the first, some requests are wrote with the first proxy address. user -> squid (fowarded_for on) -> squid (follow_x_forwarded_for allow all) -> Net Here log from the second squids, on same server, (same result when there are separate 127.0.0.1 = IP FIRST SQUID) 10.x.x.x.x - myaccount [15/Sep/2016:09:40:07 +0200] "CONNECT www.google.fr:443 HTTP/1.0" 200 0 440 TAG_NONE:HIER_NONE "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0" 10.x.x.x.x - myaccount [15/Sep/2016:09:40:07 +0200] "GET http://www.google.fr/ HTTP/1.0" 302 643 1575 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0" 10.x.x.x.x - myaccount [15/Sep/2016:09:40:07 +0200] "CONNECT www.google.fr:443 HTTP/1.0" 200 0 440 TAG_NONE:HIER_NONE "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0" 127.0.0.1 - myaccount [15/Sep/2016:09:40:07 +0200] "POST https://www.google.fr/gen_204?atyp=i&ct=slh&cad=&ei=EVDaV-rAOcS7adLmucAF&s=3&v=2&pv=0.19272099408438004&me=4:1473925301533,e,U&zx=1473925301536 HTTP/1.1" 204 401 1571 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0" 127.0.0.1 - myaccount [15/Sep/2016:09:40:08 +0200] "GET https://www.google.fr/?gws_rd=ssl HTTP/1.1" 200 61953 1387 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0" 127.0.0.1 - myaccount [15/Sep/2016:09:40:08 +0200] "POST https://www.google.fr/gen_204?atyp=i&ct=slh&cad=&ei=EVDaV-rAOcS7adLmucAF&s=4&v=2&pv=0.19272099408438004&me=5:1473925302218,e,H&zx=1473925302220 HTTP/1.1" 204 401 1571 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0" 127.0.0.1 - myaccount [15/Sep/2016:09:40:08 +0200] "GET https://www.google.fr/complete/search?sclient=psy-ab&site=&source=hp&q=&oq=&gs_l=&pbx=1&bav=on.2,or.r_cp.&fp=1&biw=995&bih=554&dpr=1.25&pf=p&gs_rn=64&gs_ri=psy-ab&tok=yZHeL-_L5Be_JazeSm0Mtg&cp=0&gs_id=0&xhr=t&tch=1&ech=1&psi=tVDaV7_DMsXqauCygeAF.1473925302436.1 HTTP/1.1" 200 913 1618 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0" 127.0.0.1 - myaccount [15/Sep/2016:09:40:08 +0200] "GET https://www.google.fr/gen_204?v=3&s=webhp&atyp=csi&ei=tVDaV7_DMsXqauCygeAF&imc=2&imn=2&imp=0&adh=&xjs=init.26.20.sb.18.p.3.jsa.1.abd.1.foot.1&ima=0&rt=xjsls.21,prt.41,iml.41,dcl.82,xjses.124,jraids.149,jraide.153,xjsee.185,xjs.185,ol.217,aft.41,wsrt.748,cst.1,dnst.0,rqst.522,rspt.533,rqstt.161,unt.143,cstt.144,dit.816 HTTP/1.1" 204 401 1616 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0" 10.x.x.x.x - myaccount [15/Sep/2016:09:40:08 +0200] "CONNECT plus.google.com:443 HTTP/1.0" 200 0 446 TAG_NONE:HIER_NONE "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0" 127.0.0.1 - myaccount [15/Sep/2016:09:40:08 +0200] "POST https://plus.google.com/u/0/_/n/gcosuc HTTP/1.1" 200 862 1388 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0" 10.x.x.x.x - myaccount [15/Sep/2016:09:40:18 +0200] "CONNECT p5-d67enuz43bu7a-hck6hyjacaic2rnf-280807-i1-v6exp3-v4.metric.gstatic.com:443 HTTP/1.0" 200 0 617 TAG_NONE:HIER_NONE "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0" 10.x.x.x.x - myaccount [15/Sep/2016:09:40:18 +0200] "CONNECT p5-d67enuz43bu7a-hck6hyjacaic2rnf-280807-i2-v6exp3-ds.metric.gstatic.com:443 HTTP/1.0" 200 0 617 TAG_NONE:HIER_NONE "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0" 127.0.0.1 - myaccount [15/Sep/2016:09:40:18 +0200] "GET https://p5-d67enuz43bu7a-hck6hyjacaic2rnf-280807-i2-v6exp3-ds.metric.gstatic.com/v6exp3/6.gif HTTP/1.1" 200 1214 702 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0" 127.0.0.1 - myaccount [15/Sep/2016:09:40:18 +0200] "GET https://p5-d67enuz43bu7a-hck6hyjacaic2rnf-280807-i1-v6exp3-v4.metric.gstatic.com/v6exp3/6.gif HTTP/1.1" 200 1214 702 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0" 10.x.x.x.x - myaccount [15/Sep/2016:09:40:48 +0200] "CONNECT p5-d67enuz43bu7a-hck6hyjacaic2rnf-280807-s1-v6exp3-v4.metric.gstatic.com:443 HTTP/1.0" 200 0 617 TAG_NONE:HIER_NONE "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0" 127.0.0.1 - myaccount [15/Sep/2016:09:40:48 +0200] "GET https://p5-d67enuz43bu7a-hck6hyjacaic2rnf-280807-s1-v6exp3-v4.metric.gstatic.com/gen_204?ipv6exp=3&sentinel=1&v4_img_dt=270&ds_img_dt=253 HTTP/1.1" 204 1393 601 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0" Fred ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users