[squid-users] grab hostnames via SNI to use it for parent proxy

Amos Jeffries squid3 at treenet.co.nz
Thu Jun 4 22:46:03 UTC 2015


On 5/06/2015 10:22 a.m., Amos Jeffries wrote:
> On 5/06/2015 3:59 a.m., Atman Sense wrote:
>> Hi,
>>
>> I'm using privoxy in transparent/intercepting mode to filter tracking
>> sites. Because many sites switched to https I want to block https sites,
>> too (only by hostnames, I don't want to decrypt the SSL connections).
>>
>> My idea was to use squid to intercept https connections and peek/splice
>> to get the hostname via SNI.
>>
>> The problem is: When using a parent proxy, squid always "CONNECT" the IP
>> and not the hostname, even if it is aware of it through SNI. Can I get
>> squid to use the hostnames instead of IPs?

Sorry, I was not reading your question fully and correctly.

The default log records the requested URL. On intercepted TLS
connections there is none (just raw-IP:port), SNI is its own thing
separately.

You can log SNI, but with the custom log format tag %ssl::>sni

Amos
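
An added example, not part of the original message or of Squid itself: a small Python script that reads an access log whose last field is `%ssl::>sni` and reports which intercepted connections named a blocked hostname, and which carried no SNI at all. The logformat name `sni`, the log path, the field layout, the blocklist and the sample lines are all assumptions constructed for illustration.

```python
# Assumed squid.conf lines producing the log parsed here (name and path are illustrative):
#   logformat sni %ts.%03tu %>a %rm %ru %ssl::>sni
#   access_log /var/log/squid/sni.log sni
# Constructed sample lines: the URL of an intercepted TLS connection is raw-IP:port,
# the SNI is the last field, and "-" means the client sent none.
SAMPLE_LOG = """\
1433457963.120 192.0.2.10 CONNECT 203.0.113.5:443 tracker.example.net
1433457964.007 192.0.2.10 CONNECT 203.0.113.9:443 www.example.org
1433457965.450 192.0.2.11 CONNECT 203.0.113.7:443 -
1433457966.300 192.0.2.11 CONNECT 203.0.113.5:443 CDN.Tracker.Example.NET.
1433457967.015 192.0.2.12 CONNECT 203.0.113.8:443 nottracker.example.net
"""

BLOCKED = {"tracker.example.net"}  # constructed blocklist


def normalize(sni):
    """Return a lowercase hostname without trailing dot, or None for '-'."""
    if sni == "-":
        return None
    return sni.rstrip(".").lower()


def is_blocked(host, blocked=BLOCKED):
    """True if host is a blocked domain or a subdomain of one (whole labels only)."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def classify(log_text, blocked=BLOCKED):
    """Return (hits, no_sni): blocked-hostname connections and SNI-less connections."""
    hits, no_sni = [], []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # not a line in the assumed five-field format
        _ts, client, _method, url, sni = fields
        host = normalize(sni)
        if host is None:
            no_sni.append((client, url))  # cannot be judged by hostname
        elif is_blocked(host, blocked):
            hits.append((client, url, host))
    return hits, no_sni


if __name__ == "__main__":
    hits, no_sni = classify(SAMPLE_LOG)
    for client, url, host in hits:
        print(f"blocked hostname {host} from {client} via {url}")
    for client, url in no_sni:
        print(f"no SNI from {client} to {url}")
```

Connections in the `no_sni` list are the ones a hostname-only policy cannot classify, so they need a separate decision.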


