[squid-users] extract http headers from CONNECT / bumped ssl?
Alex Rousskov
rousskov at measurement-factory.com
Fri Aug 25 00:16:43 UTC 2017
On 08/24/2017 06:00 PM, Aaron Turner wrote:
> So I've deployed squid in forward mode, installed the CA in my web
> clients, etc and have squid working fine for both http and https
> traffic.
Forgive me for double checking, but is SSL bumping actually working? For
example, do you see individual decrypted HTTPS requests in access.log?
What is your Squid version?
> One thing I need to do is be able to extract a http request header
> into an external_acl_type:
>
> external_acl_type client_ip_map_0 %>{My-Custom-Client-Id}
> /usr/lib64/squid/user_loadbalance.py 0 4
That is not your actual external_acl_type line, I hope. The %>h part
looks malformed.
> This works fine for standard HTTP requests, but doesn't work for https
> queries via CONNECT. Is there some way to configure Squid to parse
> them?
Do you need to extract My-Custom-Client-Id header field value from
* the CONNECT request itself,
* the HTTP requests inside the (bumped) CONNECT tunnel,
* or all of the above?
Is that header field actually _present_ in the request(s) you want to
extract it from? You can answer this question by analyzing packet dumps
(wireshark can decrypt SSL for you) and/or by looking at cache.log with
debug_options set to ALL,2.
If you omit the parameter and simply use %>h, does the helper get any
headers?
If you see a request with the desired header and %>h expansion lacks it,
consider filing a bug report with the relevant information.
Thank you,
Alex.
More information about the squid-users
mailing list