[squid-users] Squid and Epic Games HCapctca
Adam Barnett
abarnett at belofx.com
Thu Aug 11 21:22:07 UTC 2022
Sorry to bombard, but the plot thickens. it all works find on linux chrome
( centos 7) but windows 10/2022 server chrome you get the error
i did not think anything in squid is os specific
On Thu, 11 Aug 2022 at 21:41, Adam Barnett <abarnett at belofx.com> wrote:
> I have finally managed to get hold of someone from Epic Games and they
> took a look over their secret logs and said that it looks like squid is
> dropping/closing the connection too soon
>
> Any suggestions on what i can change to keep the connection open or from
> dropping
>
> Thanks
>
> On Fri, 5 Aug 2022 at 15:57, Alex Rousskov <
> rousskov at measurement-factory.com> wrote:
>
>> On 8/5/22 05:10, Adam Barnett wrote:
>> > maybe i am doing something wrong, here is my config
>>
>> > ssl_bump splice ...
>> > ssl_bump bump dst_quixel
>> > ssl_bump peek dst_quixel
>> > ssl_bump stare dst_quixel
>>
>>
>> The combination of the last three ssl_bump rules does not make sense
>> because Squid will never reach those peek and stare rules. The bump rule
>> can be applied during any SslBump step, so Squid will not see any
>> same-ACL ssl_bump directives below it -- the first matching rule (that
>> can be applied during the current step) wins.
>>
>> I do not know what logic you are trying to express with those rules, but
>> the above configuration does not express that (or any) logic well. I
>> hope Eliezer can guide you towards a reasonable solution here.
>>
>>
>> HTH,
>>
>> Alex.
>>
>>
>>
>> >
>> > On Thu, 4 Aug 2022 at 22:58, <ngtech1ltd at gmail.com
>> > <mailto:ngtech1ltd at gmail.com>> wrote:
>> >
>> > Please don’t bang your head… everybody is here for you.____
>> >
>> > Sometimes it takes time to respond but you will get your
>> answers.____
>> >
>> > __ __
>> >
>> >
>> https://www.ngtech.co.il/squid/support-save/support-save-2022-08-05_00-51-47.tar.gz
>> > <
>> https://www.ngtech.co.il/squid/support-save/support-save-2022-08-05_00-51-47.tar.gz
>> >____
>> >
>> > __ __
>> >
>> > Is not the fastest connection and it has a blacklist in the DB dump
>> > so for now it’s a production system but works good enough for
>> me.____
>> >
>> > I hope it’s not too much information in the support save file.____
>> >
>> > __ __
>> >
>> > Let me know if it makes more sense for you.____
>> >
>> > AlsoI am happy that you have asked this question since now others
>> > can enjoy from the answer 😊____
>> >
>> > __ __
>> >
>> > Eliezer____
>> >
>> > __ __
>> >
>> > ----____
>> >
>> > Eliezer Croitoru____
>> >
>> > NgTech, Tech Support____
>> >
>> > Mobile: +972-5-28704261____
>> >
>> > Email: ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com>____
>> >
>> > Web: https://ngtech.co.il/ <https://ngtech.co.il/>____
>> >
>> > My-Tube: https://tube.ngtech.co.il/ <https://tube.ngtech.co.il/
>> >____
>> >
>> > __ __
>> >
>> > *From:*Adam Barnett <abarnett at belofx.com <mailto:
>> abarnett at belofx.com>>
>> > *Sent:* Friday, 5 August 2022 0:44
>> > *To:* ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com>
>> > *Cc:* squid-users at lists.squid-cache.org
>> > <mailto:squid-users at lists.squid-cache.org>
>> > *Subject:* Re: [squid-users] Squid and Epic Games HCapctca____
>> >
>> > __ __
>> >
>> > Sure, the more the beter, ive been banging my head against the wall
>> > for a while on this____
>> >
>> > __ __
>> >
>> > Adam ____
>> >
>> > __ __
>> >
>> > On Thu, 4 Aug 2022 at 22:41, <ngtech1ltd at gmail.com
>> > <mailto:ngtech1ltd at gmail.com>> wrote:____
>> >
>> > You are welcome.____
>> >
>> > ____
>> >
>> > I wrote an app that does everything for me so I just need to
>> > dump the database into a:____
>> >
>> > ssl::server_namedirective____
>> >
>> > ____
>> >
>> > it’s basically:____
>> >
>> > ## START____
>> >
>> > aclNoBump_server_name ssl::server_name
>> > "/etc/squid/no-ssl-bump-server-name.list"____
>> >
>> > ____
>> >
>> > acltls_to_splice any-of inspect_only NoBump_src
>> > NoBump_server_name NoBump_server_regex_by_urls_domain
>> > NoBump_server_regex____
>> >
>> > ____
>> >
>> > ssl_bumppeek app_matcher_helper____
>> >
>> > ssl_bumppeek tls_s1_connect____
>> >
>> > ____
>> >
>> > ssl_bumpbump app_matcher_helper____
>> >
>> > ssl_bumpbump app_reader_helper____
>> >
>> > ssl_bumpbump deny_note____
>> >
>> > ____
>> >
>> > ssl_bumpsplice app_matcher_helper____
>> >
>> > ssl_bumpsplice tls_to_splice____
>> >
>> > ____
>> >
>> > ssl_bumpstare app_matcher_helper____
>> >
>> > ssl_bumpstare tls_s2_client_hello____
>> >
>> > ____
>> >
>> > ssl_bumpbump app_matcher_helper____
>> >
>> > ssl_bumpbump tls_to_bump____
>> >
>> > ## END____
>> >
>> > ____
>> >
>> > If you want I can upload a snippet of the whole setup dump with
>> > hope you could make use of it.____
>> >
>> > ____
>> >
>> > Eliezer____
>> >
>> > ____
>> >
>> > ----____
>> >
>> > Eliezer Croitoru____
>> >
>> > NgTech, Tech Support____
>> >
>> > Mobile: +972-5-28704261____
>> >
>> > Email: ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com>____
>> >
>> > Web: https://ngtech.co.il/ <https://ngtech.co.il/>____
>> >
>> > My-Tube: https://tube.ngtech.co.il/ <https://tube.ngtech.co.il/
>> >____
>> >
>> > ____
>> >
>> > *From:*Adam Barnett <abarnett at belofx.com
>> > <mailto:abarnett at belofx.com>>
>> > *Sent:* Friday, 5 August 2022 0:26
>> > *To:* ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com>
>> > *Cc:* squid-users at lists.squid-cache.org
>> > <mailto:squid-users at lists.squid-cache.org>
>> > *Subject:* Re: [squid-users] Squid and Epic Games HCapctca____
>> >
>> > ____
>> >
>> > תודה רבה
>> > It looks like you are using a database and then building the
>> > config from that? any cahnce you can send me the snippet of the
>> > config instead of the DB bits? ? ____
>> >
>> > ____
>> >
>> > Thanks again ____
>> >
>> > ____
>> >
>> > Adam ____
>> >
>> > ____
>> >
>> > On Thu, 4 Aug 2022 at 22:18, <ngtech1ltd at gmail.com
>> > <mailto:ngtech1ltd at gmail.com>> wrote:____
>> >
>> > Hey Adam,____
>> >
>> > ____
>> >
>> > I recorded a video for you on how I do it at:____
>> >
>> >
>> https://cloud1.ngtech.co.il/static/squid-data/splice-epic-games.mp4
>> > <
>> https://cloud1.ngtech.co.il/static/squid-data/splice-epic-games.mp4>____
>> >
>> > ____
>> >
>> > So basically the relevant domains are:____
>> >
>> > ____
>> >
>> > epicgames-download1.akamaized.net
>> > <http://epicgames-download1.akamaized.net>____
>> >
>> > .epicgames.com <http://epicgames.com>____
>> >
>> > .unrealengine.com <http://unrealengine.com>____
>> >
>> > ____
>> >
>> > And you can peek at robert k Wild mail: “regex for normal
>> > websites”____
>> >
>> > ____
>> >
>> > And it contains the relevant technical details.____
>> >
>> > If for any reason you need a more detailed answer let me
>> > know.____
>> >
>> > ____
>> >
>> > Yours,____
>> >
>> > Eliezer ____
>> >
>> > ____
>> >
>> > ----____
>> >
>> > Eliezer Croitoru____
>> >
>> > NgTech, Tech Support____
>> >
>> > Mobile: +972-5-28704261____
>> >
>> > Email: ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com
>> >____
>> >
>> > Web: https://ngtech.co.il/ <https://ngtech.co.il/>____
>> >
>> > My-Tube: https://tube.ngtech.co.il/
>> > <https://tube.ngtech.co.il/>____
>> >
>> > ____
>> >
>> > *From:*squid-users
>> > <squid-users-bounces at lists.squid-cache.org
>> > <mailto:squid-users-bounces at lists.squid-cache.org>> *On
>> > Behalf Of *Adam Barnett
>> > *Sent:* Thursday, 4 August 2022 14:28
>> > *To:* squid-users at lists.squid-cache.org
>> > <mailto:squid-users at lists.squid-cache.org>
>> > *Subject:* [squid-users] Squid and Epic Games HCapctca____
>> >
>> > ____
>> >
>> > Hi All, ____
>> >
>> > ____
>> >
>> > I am trying to get squid to allow me to login to
>> > Epicgames.com with my epic login, i get to the login page
>> > and get the hcaptca images and everytime i get "invalid
>> > response" ____
>> >
>> > ____
>> >
>> > i looked at the headers and the only error that i can see is
>> > "The cache information is missing from the entry" ____
>> >
>> > ____
>> >
>> > My config looks like so
>> >
>> > workers 2
>> >
>> > ```
>> > # Leave coredumps in the first cache dir
>> > coredump_dir /var/spool/squid
>> >
>> > http_port 3128 ssl-bump dynamic_cert_mem_cache_size=16MB
>> > generate-host-certificates=on
>> > cert=/etc/squid/certs/squid-ca-cert-key.pem
>> >
>> > sslcrtd_program /usr/lib64/squid/security_file_certgen -s
>> > /var/spool/squid/ssl -M 16MB
>> > dns_nameservers 10.5.1.2 8.8.8.8
>> > visible_hostname foo-proxy-1
>> > forwarded_for truncate
>> > via off
>> >
>> > # Send to file
>> > access_log daemon:/var/log/squid/access.log
>> >
>> >
>> >
>> > acl CONNECT method CONNECT
>> > acl local src 10.0.0.0/8 <http://10.0.0.0/8>
>> > always_direct allow all
>> > request_header_add X-GoogApps-Allowed-Domains "foo.com
>> > <http://foo.com>" all
>> >
>> > memory_replacement_policy heap GDSF
>> > maximum_object_size 100 KB
>> > maximum_object_size 1 MB
>> >
>> > cache allow all
>> > cache_mem 256 MB
>> > cache_dir rock /var/spool/squid 1024
>> > memory_pools off
>> > cache_swap_low 90
>> > client_persistent_connections on
>> >
>> >
>> > http_access allow localhost manager
>> > http_access deny manager
>> >
>> > # SquidGaurd
>> > url_rewrite_program /usr/bin/squidGuard
>> > ```
>> >
>> > Any suggestions? ____
>> >
>> > ____
>> >
>> > Thanks____
>> >
>> > Adam Barnett
>> > Senior SysAdmin beloFX____
>> >
>> > **____
>> >
>> >
>> >
>> > ____
>> >
>> >
>> >
>> > abarnett at belofx.com
>> > <
>> https://514584150-atari-embeds.googleusercontent.com/embeds/16cb204cf3a9d4d223a0a3fd8b0eec5d/inner-frame-minified.html?jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.dzXZWX9QTbE.O%2Fd%3D1%2Frs%3DAHpOoo_epIQDPHdjFr3MLkazUi2Jmy50dQ%2Fm%3D__features__
>> >____
>> >
>> > **____
>> >
>> >
>> >
>> > ____
>> >
>> >
>> >
>> > www.belofx.com <http://www.belofx.com/>____
>> >
>> > **____
>> >
>> >
>> >
>> > ____
>> >
>> >
>> >
>> > LinkedIn <http://www.linkedin.com/company/belofx>____
>> >
>> > ____
>> >
>> >
>> > _______________________________________________
>> > squid-users mailing list
>> > squid-users at lists.squid-cache.org
>> > http://lists.squid-cache.org/listinfo/squid-users
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20220811/37c6f921/attachment-0001.htm>
More information about the squid-users
mailing list