[squid-users] regex for normal websites

robert k Wild robertkwild at gmail.com
Tue Aug 2 15:23:51 UTC 2022 

mmm... so i just want to know and really sorry for the dumb question, so

adobe\.com$

works but then again if a website was eg

hackadobe\.com$

that would work as well probably, so i want to do something like this

\.adobe\.com$

ie put a dot . infront of adobe so

www.adobe.com or
account.adobe.com

would work but then

hackadobe\.com$

would no longer work




On Tue, 2 Aug 2022 at 15:27, <ngtech1ltd at gmail.com> wrote:

> Hey Robert,
>
>
>
> I will test this with latest squid and my Apps helper and will verify.
>
>
>
> Thanks,
>
> Eliezer
>
>
>
> ----
>
> Eliezer Croitoru
>
> NgTech, Tech Support
>
> Mobile: +972-5-28704261
>
> Email: ngtech1ltd at gmail.com
>
> Web: https://ngtech.co.il/
>
> My-Tube: https://tube.ngtech.co.il/
>
>
>
> *From:* robert k Wild <robertkwild at gmail.com>
> *Sent:* Tuesday, 2 August 2022 15:15
> *To:* Eliezer Croitoru <ngtech1ltd at gmail.com>
> *Cc:* Squid Users <squid-users at lists.squid-cache.org>
> *Subject:* Re: [squid-users] regex for normal websites
>
>
>
> ok i have tested and this works
>
>
>
> adobe\.com$
>
>
>
> i found it weird this didnt work
>
>
>
> \.adobe\.com
>
>
>
> just curious thats all
>
>
>
> On Tue, 2 Aug 2022 at 13:05, <ngtech1ltd at gmail.com> wrote:
>
> I believe it should have been:
>
> ^adobe\.com$
>
> ^.*\.adobe\.com$
>
> ^\*\.adobe\.com$
>
>
>
> But I don’t know the code to this depth.
>
> If I would have written the match I think it would have been something a
> bit different.
>
>    - A match for SNI
>    - A joker match for SAN ie *.adobe.com SAN should catch both
>    www.www.adobe.com
>
>
>
> But for some reason it’s not like that, I assume the browsers and the
> libraries doesn’t implement it for an unknown reason.
>
>
>
> If Alex or anyone else from Factory knows the details of the ACL they can
> answer more then me.
>
>
>
> Thanks,
>
> Eliezer
>
>
>
> ----
>
> Eliezer Croitoru
>
> NgTech, Tech Support
>
> Mobile: +972-5-28704261
>
> Email: ngtech1ltd at gmail.com
>
> Web: https://ngtech.co.il/
>
> My-Tube: https://tube.ngtech.co.il/
>
>
>
> *From:* robert k Wild <robertkwild at gmail.com>
> *Sent:* Tuesday, 2 August 2022 14:51
> *To:* Eliezer Croitoru <ngtech1ltd at gmail.com>
> *Cc:* Squid Users <squid-users at lists.squid-cache.org>
> *Subject:* Re: [squid-users] regex for normal websites
>
>
>
> thanks Eliezer
>
>
>
> so it should be
>
>
>
> adobe\.com
>
>
>
> not
>
>
>
> .adobe.\com or
>
>
>
> ^.*adobe.com
>
>
>
> as the ^.* could include
>
>
>
> blahadobe.com
>
>
>
>
>
>
>
> On Thu, 28 Jul 2022 at 08:14, <ngtech1ltd at gmail.com> wrote:
>
> Hey Robert,
>
>
>
> The docs at http://www.squid-cache.org/Doc/config/acl/  states:
>
>
>
>         acl aclname ssl::server_name_regex [-i] \.foo\.com ...
>
>           # regex matches server name obtained from various sources [fast]
>
>
>
> Which and I do not know exactly what it means but it will not work with a
> helper in most cases.
>
> I have found the in the git the next sources:
>
>
> https://github.com/squid-cache/squid/blob/bf95c10aa95bf8e56d9d8d1545cb5a3aafab0d2c/doc/release-notes/release-3.5.sgml#L414
>
>
>
>                 New types ssl::server_name  and ssl::server_name_regex
>
>                    to match server name from various sources (CONNECT
> authority name,
>
>                    TLS SNI domain, or X.509 certificate Subject Name).
>
>
>
> Which means that there is a set of checks which the acl does and not just
> a domain name.
>
> It’s also even possible that the domain name is not know in the CONNECT
> state of the connection.
>
> If I remember correctly there is a possibility for browsers to use the
> same exact connection for multiple domains but
> I have not seen this yet in production.
>
> With Squid once you bump the connection to HTTP/1.x you can make 100% sure
> the features of the Host header request.
>
>
>
> At Servername.cc ie:
>
>
> https://github.com/squid-cache/squid/blob/aee3523a768aff4d1e6c1195c4a401b4ef5688a0/src/acl/ServerName.cc#L81
>
>
>
> There is a specific logic of what is done and what is matched but I am not
> sure what would be used in the case of:
>
> *.adobe.com
>
>
>
> Certificate SAN.
>
>
>
> Specifically This part of the Common Names ie SAN:
>
>
> https://github.com/squid-cache/squid/blob/aee3523a768aff4d1e6c1195c4a401b4ef5688a0/src/acl/ServerName.cc#L105
>
>
>
> which to my understanding points to:
>
>
> https://github.com/squid-cache/squid/blob/d146da3bfe7083381ae7ab38640cbfd0d2542374/src/ssl/support.cc#L195
>
>
>
> doesn’t make any sense to me.( didn’t tried that much to understand)
>
>
>
> If someone might be able to make sense of things in a synchronic fashion
> it would help.
>
> (I do not see any debugs usage there or any helping comment )
>
>
>
> Thanks,
>
> Eliezer
>
>
>
> ----
>
> Eliezer Croitoru
>
> NgTech, Tech Support
>
> Mobile: +972-5-28704261
>
> Email: ngtech1ltd at gmail.com
>
> Web: https://ngtech.co.il/
>
> My-Tube: https://tube.ngtech.co.il/
>
>
>
> *From:* squid-users <squid-users-bounces at lists.squid-cache.org> *On
> Behalf Of *robert k Wild
> *Sent:* Wednesday, 27 July 2022 13:52
> *To:* Squid Users <squid-users at lists.squid-cache.org>
> *Subject:* Re: [squid-users] regex for normal websites
>
>
>
> that's the weird thing, when i try this in  "ssl::server_name_regex"
>
> .adobe.com
>
>
>
> it doesnt work
>
>
>
> you mean escape ie the \ character
>
>
>
>
>
>
>
>
>
>
>
> On Wed, 27 Jul 2022 at 11:05, Matus UHLAR - fantomas <uhlar at fantomas.sk>
> wrote:
>
> On 27.07.22 10:54, robert k Wild wrote:
> >think i got it right but just want to double check with you guys
> >
> >so in my "ssl::server_name" i had
> >.adobe.com
> >
> >that worked but i want to mix normal website and regex websites together
> so
> >i just have one list for all
>
> didn't the above work?  AFAIK it should, IIRC domain matching in squid
> matches "domain.com" if you check for ".domain.com".
>
> >i now have this for "ssl::server_name_regex"
> >^.*adobe.com$
> >
> >it works, so im guessing its right
>
> the dot should be escaped
>
>
> --
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> BSE = Mad Cow Desease ... BSA = Mad Software Producents Desease
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
>
>
>
> --
>
> Regards,
>
> Robert K Wild.
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
>
>
> --
>
> Regards,
>
> Robert K Wild.
>
>
>
>
> --
>
> Regards,
>
> Robert K Wild.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>


-- 
Regards,

Robert K Wild.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20220802/38a36559/attachment-0001.htm>

More information about the squid-users mailing list