[squid-users] Fwd: Squid https bump and google apps
Yuri Voinov
yvoinov at gmail.com
Fri Jan 15 18:23:48 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
15.01.16 23:55, lucas castro пишет:
> Amos, Sorry for emailing right to you.
> ---------- Forwarded message ----------
> From: lucas castro <lucascastroborges at gmail.com>
> Date: Fri, Jan 15, 2016 at 2:54 PM
> Subject: Re: [squid-users] Squid https bump and google apps
> To: Amos Jeffries <squid3 at treenet.co.nz>
>
>
> Amos, I'm already using squid-3.5.13 with sni,
> the problem is, google use the same certificate for youtube.com,
google.com
> and some others.
> Or Am I doing something wrong?
Yes. SSL Bump is _not_ main ACL tool. So, use SNI as geberal ACL is bad
idea.
Right way is:
- - Using bump to make FQDN visible and, next
- - Using general ACL to access control _or_
- - Using redirector to filter out URL's.
>
>
> On Fri, Jan 15, 2016 at 2:33 PM, Amos Jeffries <squid3 at treenet.co.nz>
wrote:
>
>> On 16/01/2016 3:35 a.m., Lucas Castro wrote:
>>> I've hard worked against google applications,
>>> The points is, google use the same certificate for a bunch of different
>>> apps,
>>> like google.com, youtube.com, drive.google.com.
>>> I'd like to know if someone already got terminated youtube.com and
>>> keep working google.com and others services.
>>
>> It is possible. Using the Squid-3.5 peek-and-splice feature with SNI
>> detection.
>>
>> Amos
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>
>
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJWmTk0AAoJENNXIZxhPexGsXMH/34A845b1aP2K5MMt1gKBvHw
flOC1IK5jyAm8GhhCxrNwEqmYpkMhYISav/wJzwCnlXwoadNC0zD+AXvDRFF7Stb
P8EMgYG//ZWOaSVfRgv4r9Bdf8UY3ujuk35jHaIIgBrDyJKHnyLOKOaRtNC7IaOB
fdnk9dpHLae5V7OqwHSOZ8FapfYRXtbQzgG7t2EOR/0MuZg1EigOm0r5MnpKg6UG
8sEKaRAaJ5UE+9sA7KOvXBv/4KhfJNr2pJthqnLrRnM6Ye1VexyZzLU02ijRDsKC
4lkX24kHWGgj5g350vWaiN/uzChzqxxwZActwbdPi33n/vkT12TffSUPeZn2jnY=
=zavO
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160116/bcf9e9b3/attachment.html>
More information about the squid-users
mailing list