[squid-users] Squid and Epic Games HCapctca
Alex Rousskov
rousskov at measurement-factory.com
Fri Aug 5 14:57:02 UTC 2022
On 8/5/22 05:10, Adam Barnett wrote:
> maybe i am doing something wrong, here is my config
> ssl_bump splice ...
> ssl_bump bump dst_quixel
> ssl_bump peek dst_quixel
> ssl_bump stare dst_quixel
The combination of the last three ssl_bump rules does not make sense
because Squid will never reach those peek and stare rules. The bump rule
can be applied during any SslBump step, so Squid will not see any
same-ACL ssl_bump directives below it -- the first matching rule (that
can be applied during the current step) wins.
I do not know what logic you are trying to express with those rules, but
the above configuration does not express that (or any) logic well. I
hope Eliezer can guide you towards a reasonable solution here.
HTH,
Alex.
>
> On Thu, 4 Aug 2022 at 22:58, <ngtech1ltd at gmail.com
> <mailto:ngtech1ltd at gmail.com>> wrote:
>
> Please don’t bang your head… everybody is here for you.____
>
> Sometimes it takes time to respond but you will get your answers.____
>
> __ __
>
> https://www.ngtech.co.il/squid/support-save/support-save-2022-08-05_00-51-47.tar.gz
> <https://www.ngtech.co.il/squid/support-save/support-save-2022-08-05_00-51-47.tar.gz>____
>
> __ __
>
> Is not the fastest connection and it has a blacklist in the DB dump
> so for now it’s a production system but works good enough for me.____
>
> I hope it’s not too much information in the support save file.____
>
> __ __
>
> Let me know if it makes more sense for you.____
>
> AlsoI am happy that you have asked this question since now others
> can enjoy from the answer 😊____
>
> __ __
>
> Eliezer____
>
> __ __
>
> ----____
>
> Eliezer Croitoru____
>
> NgTech, Tech Support____
>
> Mobile: +972-5-28704261____
>
> Email: ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com>____
>
> Web: https://ngtech.co.il/ <https://ngtech.co.il/>____
>
> My-Tube: https://tube.ngtech.co.il/ <https://tube.ngtech.co.il/>____
>
> __ __
>
> *From:*Adam Barnett <abarnett at belofx.com <mailto:abarnett at belofx.com>>
> *Sent:* Friday, 5 August 2022 0:44
> *To:* ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com>
> *Cc:* squid-users at lists.squid-cache.org
> <mailto:squid-users at lists.squid-cache.org>
> *Subject:* Re: [squid-users] Squid and Epic Games HCapctca____
>
> __ __
>
> Sure, the more the beter, ive been banging my head against the wall
> for a while on this____
>
> __ __
>
> Adam ____
>
> __ __
>
> On Thu, 4 Aug 2022 at 22:41, <ngtech1ltd at gmail.com
> <mailto:ngtech1ltd at gmail.com>> wrote:____
>
> You are welcome.____
>
> ____
>
> I wrote an app that does everything for me so I just need to
> dump the database into a:____
>
> ssl::server_namedirective____
>
> ____
>
> it’s basically:____
>
> ## START____
>
> aclNoBump_server_name ssl::server_name
> "/etc/squid/no-ssl-bump-server-name.list"____
>
> ____
>
> acltls_to_splice any-of inspect_only NoBump_src
> NoBump_server_name NoBump_server_regex_by_urls_domain
> NoBump_server_regex____
>
> ____
>
> ssl_bumppeek app_matcher_helper____
>
> ssl_bumppeek tls_s1_connect____
>
> ____
>
> ssl_bumpbump app_matcher_helper____
>
> ssl_bumpbump app_reader_helper____
>
> ssl_bumpbump deny_note____
>
> ____
>
> ssl_bumpsplice app_matcher_helper____
>
> ssl_bumpsplice tls_to_splice____
>
> ____
>
> ssl_bumpstare app_matcher_helper____
>
> ssl_bumpstare tls_s2_client_hello____
>
> ____
>
> ssl_bumpbump app_matcher_helper____
>
> ssl_bumpbump tls_to_bump____
>
> ## END____
>
> ____
>
> If you want I can upload a snippet of the whole setup dump with
> hope you could make use of it.____
>
> ____
>
> Eliezer____
>
> ____
>
> ----____
>
> Eliezer Croitoru____
>
> NgTech, Tech Support____
>
> Mobile: +972-5-28704261____
>
> Email: ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com>____
>
> Web: https://ngtech.co.il/ <https://ngtech.co.il/>____
>
> My-Tube: https://tube.ngtech.co.il/ <https://tube.ngtech.co.il/>____
>
> ____
>
> *From:*Adam Barnett <abarnett at belofx.com
> <mailto:abarnett at belofx.com>>
> *Sent:* Friday, 5 August 2022 0:26
> *To:* ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com>
> *Cc:* squid-users at lists.squid-cache.org
> <mailto:squid-users at lists.squid-cache.org>
> *Subject:* Re: [squid-users] Squid and Epic Games HCapctca____
>
> ____
>
> תודה רבה
> It looks like you are using a database and then building the
> config from that? any cahnce you can send me the snippet of the
> config instead of the DB bits? ? ____
>
> ____
>
> Thanks again ____
>
> ____
>
> Adam ____
>
> ____
>
> On Thu, 4 Aug 2022 at 22:18, <ngtech1ltd at gmail.com
> <mailto:ngtech1ltd at gmail.com>> wrote:____
>
> Hey Adam,____
>
> ____
>
> I recorded a video for you on how I do it at:____
>
> https://cloud1.ngtech.co.il/static/squid-data/splice-epic-games.mp4
> <https://cloud1.ngtech.co.il/static/squid-data/splice-epic-games.mp4>____
>
> ____
>
> So basically the relevant domains are:____
>
> ____
>
> epicgames-download1.akamaized.net
> <http://epicgames-download1.akamaized.net>____
>
> .epicgames.com <http://epicgames.com>____
>
> .unrealengine.com <http://unrealengine.com>____
>
> ____
>
> And you can peek at robert k Wild mail: “regex for normal
> websites”____
>
> ____
>
> And it contains the relevant technical details.____
>
> If for any reason you need a more detailed answer let me
> know.____
>
> ____
>
> Yours,____
>
> Eliezer ____
>
> ____
>
> ----____
>
> Eliezer Croitoru____
>
> NgTech, Tech Support____
>
> Mobile: +972-5-28704261____
>
> Email: ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com>____
>
> Web: https://ngtech.co.il/ <https://ngtech.co.il/>____
>
> My-Tube: https://tube.ngtech.co.il/
> <https://tube.ngtech.co.il/>____
>
> ____
>
> *From:*squid-users
> <squid-users-bounces at lists.squid-cache.org
> <mailto:squid-users-bounces at lists.squid-cache.org>> *On
> Behalf Of *Adam Barnett
> *Sent:* Thursday, 4 August 2022 14:28
> *To:* squid-users at lists.squid-cache.org
> <mailto:squid-users at lists.squid-cache.org>
> *Subject:* [squid-users] Squid and Epic Games HCapctca____
>
> ____
>
> Hi All, ____
>
> ____
>
> I am trying to get squid to allow me to login to
> Epicgames.com with my epic login, i get to the login page
> and get the hcaptca images and everytime i get "invalid
> response" ____
>
> ____
>
> i looked at the headers and the only error that i can see is
> "The cache information is missing from the entry" ____
>
> ____
>
> My config looks like so
>
> workers 2
>
> ```
> # Leave coredumps in the first cache dir
> coredump_dir /var/spool/squid
>
> http_port 3128 ssl-bump dynamic_cert_mem_cache_size=16MB
> generate-host-certificates=on
> cert=/etc/squid/certs/squid-ca-cert-key.pem
>
> sslcrtd_program /usr/lib64/squid/security_file_certgen -s
> /var/spool/squid/ssl -M 16MB
> dns_nameservers 10.5.1.2 8.8.8.8
> visible_hostname foo-proxy-1
> forwarded_for truncate
> via off
>
> # Send to file
> access_log daemon:/var/log/squid/access.log
>
>
>
> acl CONNECT method CONNECT
> acl local src 10.0.0.0/8 <http://10.0.0.0/8>
> always_direct allow all
> request_header_add X-GoogApps-Allowed-Domains "foo.com
> <http://foo.com>" all
>
> memory_replacement_policy heap GDSF
> maximum_object_size 100 KB
> maximum_object_size 1 MB
>
> cache allow all
> cache_mem 256 MB
> cache_dir rock /var/spool/squid 1024
> memory_pools off
> cache_swap_low 90
> client_persistent_connections on
>
>
> http_access allow localhost manager
> http_access deny manager
>
> # SquidGaurd
> url_rewrite_program /usr/bin/squidGuard
> ```
>
> Any suggestions? ____
>
> ____
>
> Thanks____
>
> Adam Barnett
> Senior SysAdmin beloFX____
>
> **____
>
>
>
> ____
>
>
>
> abarnett at belofx.com
> <https://514584150-atari-embeds.googleusercontent.com/embeds/16cb204cf3a9d4d223a0a3fd8b0eec5d/inner-frame-minified.html?jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.dzXZWX9QTbE.O%2Fd%3D1%2Frs%3DAHpOoo_epIQDPHdjFr3MLkazUi2Jmy50dQ%2Fm%3D__features__>____
>
> **____
>
>
>
> ____
>
>
>
> www.belofx.com <http://www.belofx.com/>____
>
> **____
>
>
>
> ____
>
>
>
> LinkedIn <http://www.linkedin.com/company/belofx>____
>
> ____
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list