Hey guys, Can anyone please help me to get the knowledge about squid request parsing and handling. I mean in which files (.c) ACL settings are parsed and handled when request http recieved in squid.
Thanks , Vineet On 23 Feb 2018 6:50 a.m., "Eliezer Croitoru" <elie...@ngtech.co.il> wrote: > OK then. > If it's doable then it's only waiting for the client who will want to fund > this feature. > > Thanks, > Eliezer > > ---- > Eliezer Croitoru > Linux System Administrator > Mobile: +972-5-28704261 > Email: elie...@ngtech.co.il > > > > -----Original Message----- > From: Alex Rousskov [mailto:rouss...@measurement-factory.com] > Sent: Thursday, February 22, 2018 23:19 > To: Eliezer Croitoru <elie...@ngtech.co.il>; squid-dev@lists.squid-cache. > org > Subject: Re: [squid-dev] SSL-BUMP distinguish between mobile devices such > as IOS or ANDROID vs PC request > > On 02/22/2018 11:56 AM, Eliezer Croitoru wrote: > > > I was wondering about the options to distinguish mobile devices TLS\SSL > > requests compared to PC one's. > > You need ACLs that can match various TLS Client Hello fields (mostly > message version, protocol version, and ciphers) and a knowledgebase of > typical Hellos for the devices/clients you are interested in. A > Hello-based solution cannot be 100% reliable, but I bet you can identify > many popular OS versions (and, as a consequence, even some physical > devices) with a good-enough probability (for most applications). > > IIRC, Squid does not have ACLs that interrogate TLS Client Hello with > the exception of SNI (i.e., ssl::server_name --client_requested). > However, it should not be very difficult to add such ACLs and they would > be generally useful IMO. > > > Forward proxies can also examine CONNECT headers. That is already > supported AFAIK. > > > Examining TCP/IP packet headers would also be useful in many cases, but > that is harder to do directly in Squid. > > > HTH, > > Alex. > > _______________________________________________ > squid-dev mailing list > squid-dev@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-dev >
_______________________________________________ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev