[squid-users] Splice certain SNIs which served by the same IP
Ben Goz
ben.goz87 at gmail.com
Thu Feb 17 12:46:38 UTC 2022
By the help of God.
Any insights?
Thanks,
Ben
בתאריך יום ב׳, 14 בפבר׳ 2022 ב-15:49 מאת Ben Goz <ben.goz87 at gmail.com
>:
> By the help of God.
>
> Hi,
> Ny squid version is 4.15, using it on tproxy configuration.
>
> I'm using ssl bump to intercept https connection, but I want to splice
> several domains.
> I have a problem that when I'm splicing some google domains eg.
> youtube.com then
> gmail.com domain also spliced.
>
> I know that it is very common for google servers to host multiple domains
> on single server.
> And I suspect that when I'm splicing for example youtube.com it'll also
> splices google.com.
>
> Here are my squid configurations for the ssl bump:
>
> https_port xxxx ssl-bump tproxy generate-host-certificates=on options=ALL
> dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/etc/ssl_cert/myCA.pem
> dhparams=/usr/local/squid/etc/dhparam.pem sslflags=NO_DEFAULT_CA
>
> acl DiscoverSNIHost at_step SslBump1
>
> acl NoSSLIntercept ssl::server_name "/usr/local/squid/etc/url-no-bump"
> acl NoSSLInterceptRegexp ssl::server_name_regex -i
> "/usr/local/squid/etc/url-no-bump-regexp"
> ssl_bump splice NoSSLInterceptRegexp_always
> ssl_bump splice NoSSLIntercept
> ssl_bump splice NoSSLInterceptRegexp
> ssl_bump peek DiscoverSNIHost
> ssl_bump bump all
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20220217/41541d67/attachment.htm>
More information about the squid-users
mailing list