[squid-users] Fwd: Squid https bump and google apps

Lucas Castro lucascastroborges at gmail.com
Fri Jan 15 18:42:54 UTC 2016 

Yuri,
Now I can see, I'm really doing something wrong,
cause I can't see the FQDN at access.log
What can be the possible problem that I can get just IP:PORT?

On 15-01-2016 15:23, Yuri Voinov wrote:
>
>
>
> 15.01.16 23:55, lucas castro пишет:
> > Amos, Sorry for emailing right to you.
> > ---------- Forwarded message ----------
> > From: lucas castro <lucascastroborges at gmail.com>
> > Date: Fri, Jan 15, 2016 at 2:54 PM
> > Subject: Re: [squid-users] Squid https bump and google apps
> > To: Amos Jeffries <squid3 at treenet.co.nz>
>
>
> > Amos, I'm already using squid-3.5.13 with sni,
> > the problem is, google use the same certificate for youtube.com,
> google.com
> > and some others.
> > Or Am I doing something wrong?
> Yes. SSL Bump is _not_ main ACL tool. So, use SNI as geberal ACL is
> bad idea.
>
> Right way is:
>
> - Using bump to make FQDN visible and, next
> - Using general ACL to access control _or_
> - Using redirector to filter out URL's.
>
>
> > On Fri, Jan 15, 2016 at 2:33 PM, Amos Jeffries
> <squid3 at treenet.co.nz> wrote:
>
> >> On 16/01/2016 3:35 a.m., Lucas Castro wrote:
> >>> I've hard worked against google applications,
> >>> The points is, google use the same certificate for a bunch of
> different
> >>> apps,
> >>> like google.com, youtube.com, drive.google.com.
> >>> I'd like to know if someone already got terminated youtube.com and
> >>> keep working google.com and others services.
> >>
> >> It is possible. Using the Squid-3.5 peek-and-splice feature with SNI
> >> detection.
> >>
> >> Amos
> >>
> >> _______________________________________________
> >> squid-users mailing list
> >> squid-users at lists.squid-cache.org
> >> http://lists.squid-cache.org/listinfo/squid-users
> >>
>
>
>
>
>
> > _______________________________________________
> > squid-users mailing list
> > squid-users at lists.squid-cache.org
> > http://lists.squid-cache.org/listinfo/squid-users
>
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160115/94afe183/attachment.html>

More information about the squid-users mailing list