[squid-users] squid with sslbump blocking Netflix

Yuri Voinov yvoinov at gmail.com
Wed Mar 2 21:27:15 UTC 2016 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
acl GetSNI at_step SslBump1
acl NoSSLIntercept ssl::server_name netflix.com ntflx.com ntflximg.com
ntflxvideo.com
ssl_bump peek GetSNI
ssl_bump splice NoSSLIntercept
ssl_bump bump all


03.03.16 3:12, Bmahak2005 пишет:
> Ok i read the doc but I am afraid i do not know where yo start
> I know that netflix traffic comes from these server domains
> .netflix.com <http://netflix.com>
> .ntflx.com <http://ntflx.com>
> .ntflximg.com <http://ntflximg.com>
> .ntflxvideo.com <http://ntflxvideo.com>
> But how can I setup my config file to just tell squid do not bump
netflix traffic and i am not interested in caching it or guarding against it
> How can I use splice for that?
>
> Sent from my iPhone
>
> On Mar 2, 2016, at 12:48 PM, Yuri Voinov <yvoinov at gmail.com
<mailto:yvoinov at gmail.com>> wrote:
>
>>
> With peek and splice feature.
>
> http://wiki.squid-cache.org/Features/SslPeekAndSplice
>
> 03.03.16 2:45, Bmahak2005 пишет:
> > Thanks for the hint. How can I
>       do that ?
>
>
>
>
>
>       > Sent from my iPhone
>
>
>
>       >> On Mar 2, 2016, at 11:09 AM, Yuri Voinov
>       <yvoinov at gmail.com> wrote:
>
>       >>
>
>       >>
>
>       > Nobody can fight SSL pinning in proprietary apps.
>
>
>
>       > The only way I see is to put Netflex under splice ACL and do
>       not do SSL
>
>       > bump for all Netflex CDN.
>
>
>
>       > 02.03.16 22:29, bma пишет:
>
>       > >>> I have installed squid 3.15 on ubuntu 15.10
>       server. squid was setup with
>
>       > >>> sslbump for https traffic. The functionality
>       work without any problem
>
>       > i.e. :
>
>       > >>> all traffic from both http and https goes
>       through squid and all
>
>       > internet can
>
>       > >>> be accessed on all devices where certificates
>       are installed. With one
>
>       > >>> exception : 'Netflix APP' no longer works on IOS
>       devices (iPhone,
>
>       > iPad). no
>
>       > >>> matter what I do. All other internet services
>       (safari, and other apps)
>
>       > work
>
>       > >>> properly on those devices. And I was able to run
>       Netflix from browser on
>
>       > >>> linux boxes and even OS X safari. The only thing
>       that is not working is
>
>       > >>> Netflix APP on IOS.
>
>       > >>>
>
>       > >>> Of course if I disable sslbump and only allow
>       http to go through squid
>
>       > >>> netflix works. I tried both transparent mode and
>       proxy mode on the iPhone,
>
>       > >>> still not working.
>
>       > >>>
>
>       > >>> Did anyone manage to make Netflix APP on IOS
>       devices work with squid with
>
>       > >>> sslbump enabled ?
>
>       > >>>
>
>       > >>>
>
>       > >>>
>
>       > >>> --
>
>       > >>> View this message in context:
>
>
>
http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-with-sslbump-blocking-Netflix-tp4676381.html
>
>       > >>> Sent from the Squid - Users mailing list archive
>       at Nabble.com <http://nabble.com>.
>
>       > >>> _______________________________________________
>
>       > >>> squid-users mailing list
>
>       > >>> squid-users at lists.squid-cache.org
>
>       > >>>
>       http://lists.squid-cache.org/listinfo/squid-users
>
>
>
>       >>
>
>       >> <0x613DEC46.asc>
>
>       >> _______________________________________________
>
>       >> squid-users mailing list
>
>       >> squid-users at lists.squid-cache.org
>
>       >> http://lists.squid-cache.org/listinfo/squid-users
>
>>
>> <0x613DEC46.asc>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJW11qyAAoJENNXIZxhPexGOK0IAJSid5eBZirWSyv78E6Dqj0U
tSoanZ/LCBVPbYjnukKJ/OwIcR3TnglnHpYXMde4iwwGm3Z+RDG5qEaTor89ieED
68JUTV1VqM7sxghE/Sm9L4VYH1Cme9vz0E7apE53tz/yKKYmJG5reYzBQKBWM4i+
J/gFmDX1ageXoH14zQ5XbFdOoz8YfKIFkLxtFO7Karjwp/H97X6KhbBfPMBouO5U
qEp0/dbmkgHgCqr9bQzYM/quypXoiJoMiYnm0XBP4Q2gMjoBMcYcZSqhJNnwgUxi
F79VzEJajUVDqW+/w9g8V7idm2Zj9OTU+TABpiknlXanxo6TMbKuaADZV9mTfcU=
=GBtP
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160303/00517a3d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160303/00517a3d/attachment-0001.key>

More information about the squid-users mailing list