[squid-users] Put URLs and URL regex in one text file
robert k Wild
robertkwild at gmail.com
Fri May 20 11:26:40 UTC 2022
Sorry I'm a bit thick
So I've read SSL::server_name_regex which uses sni is better than
dstdomain_regex
So I think I'm better of using the sni one then ?
On Fri, 20 May 2022, 12:20 Matus UHLAR - fantomas, <uhlar at fantomas.sk>
wrote:
> On 20.05.22 11:21, robert k Wild wrote:
> >So for SSL inspection, for squid to look into the URl headers, what's the
> >better one
> >
> >Server name or
> >
> >DST domain
>
> I thought I have explained it:
> dstdom_regex is from the request, not from the SSL data.
>
> >On Fri, 20 May 2022, 11:12 Matus UHLAR - fantomas, <uhlar at fantomas.sk>
> >wrote:
> >
> >> On 19.05.22 19:29, robert k Wild wrote:
> >> >Think I found it but, what the difference between these two
> >> >
> >> >acl aclname ssl::server_name_regex [-i] \.foo\.com ...
> >>
> >> this one is taken from SNI option when squid looks at SSL handshake
> >> parameters.
> >>
> >> >acl aclname dstdom_regex [-n] [-i] \.foo\.com ...
> >>
> >> this one is the one provided in clients' request, where SSL requests
> >> usually
> >> look like:
> >>
> >> CONNECT www.google.com:443 HTTP/1.0
>
> --
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Posli tento mail 100 svojim znamim - nech vidia aky si idiot
> Send this email to 100 your friends - let them see what an idiot you are
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20220520/95d5abd3/attachment.htm>
More information about the squid-users
mailing list