<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
-----BEGIN PGP SIGNED MESSAGE----- <br>
Hash: SHA256 <br>
<br>
acl GetSNI at_step SslBump1<br>
acl NoSSLIntercept ssl::server_name netflix.com ntflx.com
ntflximg.com ntflxvideo.com<br>
ssl_bump peek GetSNI<br>
ssl_bump splice NoSSLIntercept<br>
ssl_bump bump all<br>
<br>
<br>
03.03.16 3:12, Bmahak2005 пишет:<br>
<span style="white-space: pre;">> Ok i read the doc but I am
afraid i do not know where yo start<br>
> I know that netflix traffic comes from these server domains<br>
> .netflix.com <a class="moz-txt-link-rfc2396E" href="http://netflix.com"><http://netflix.com></a><br>
> .ntflx.com <a class="moz-txt-link-rfc2396E" href="http://ntflx.com"><http://ntflx.com></a><br>
> .ntflximg.com <a class="moz-txt-link-rfc2396E" href="http://ntflximg.com"><http://ntflximg.com></a><br>
> .ntflxvideo.com <a class="moz-txt-link-rfc2396E" href="http://ntflxvideo.com"><http://ntflxvideo.com></a><br>
> But how can I setup my config file to just tell squid do not
bump netflix traffic and i am not interested in caching it or
guarding against it<br>
> How can I use splice for that?<br>
><br>
> Sent from my iPhone<br>
><br>
> On Mar 2, 2016, at 12:48 PM, Yuri Voinov
<<a class="moz-txt-link-abbreviated" href="mailto:yvoinov@gmail.com">yvoinov@gmail.com</a> <a class="moz-txt-link-rfc2396E" href="mailto:yvoinov@gmail.com"><mailto:yvoinov@gmail.com></a>> wrote:<br>
><br>
>><br>
> With peek and splice feature.<br>
><br>
> <a class="moz-txt-link-freetext" href="http://wiki.squid-cache.org/Features/SslPeekAndSplice">http://wiki.squid-cache.org/Features/SslPeekAndSplice</a><br>
><br>
> 03.03.16 2:45, Bmahak2005 пишет:<br>
> > Thanks for the hint. How can I<br>
> do that ?<br>
><br>
><br>
><br>
><br>
><br>
> > Sent from my iPhone<br>
><br>
><br>
><br>
> >> On Mar 2, 2016, at 11:09 AM, Yuri Voinov<br>
> <a class="moz-txt-link-rfc2396E" href="mailto:yvoinov@gmail.com"><yvoinov@gmail.com></a> wrote:<br>
><br>
> >><br>
><br>
> >><br>
><br>
> > Nobody can fight SSL pinning in proprietary apps.<br>
><br>
><br>
><br>
> > The only way I see is to put Netflex under splice
ACL and do<br>
> not do SSL<br>
><br>
> > bump for all Netflex CDN.<br>
><br>
><br>
><br>
> > 02.03.16 22:29, bma пишет:<br>
><br>
> > >>> I have installed squid 3.15 on ubuntu
15.10<br>
> server. squid was setup with<br>
><br>
> > >>> sslbump for https traffic. The
functionality<br>
> work without any problem<br>
><br>
> > i.e. :<br>
><br>
> > >>> all traffic from both http and https
goes<br>
> through squid and all<br>
><br>
> > internet can<br>
><br>
> > >>> be accessed on all devices where
certificates<br>
> are installed. With one<br>
><br>
> > >>> exception : 'Netflix APP' no longer
works on IOS<br>
> devices (iPhone,<br>
><br>
> > iPad). no<br>
><br>
> > >>> matter what I do. All other internet
services<br>
> (safari, and other apps)<br>
><br>
> > work<br>
><br>
> > >>> properly on those devices. And I was
able to run<br>
> Netflix from browser on<br>
><br>
> > >>> linux boxes and even OS X safari. The
only thing<br>
> that is not working is<br>
><br>
> > >>> Netflix APP on IOS.<br>
><br>
> > >>><br>
><br>
> > >>> Of course if I disable sslbump and
only allow<br>
> http to go through squid<br>
><br>
> > >>> netflix works. I tried both
transparent mode and<br>
> proxy mode on the iPhone,<br>
><br>
> > >>> still not working.<br>
><br>
> > >>><br>
><br>
> > >>> Did anyone manage to make Netflix APP
on IOS<br>
> devices work with squid with<br>
><br>
> > >>> sslbump enabled ?<br>
><br>
> > >>><br>
><br>
> > >>><br>
><br>
> > >>><br>
><br>
> > >>> --<br>
><br>
> > >>> View this message in context:<br>
><br>
><br>
>
<a class="moz-txt-link-freetext" href="http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-with-sslbump-blocking-Netflix-tp4676381.html">http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-with-sslbump-blocking-Netflix-tp4676381.html</a><br>
><br>
> > >>> Sent from the Squid - Users mailing
list archive<br>
> at Nabble.com <a class="moz-txt-link-rfc2396E" href="http://nabble.com"><http://nabble.com></a>.<br>
><br>
> > >>>
_______________________________________________<br>
><br>
> > >>> squid-users mailing list<br>
><br>
> > >>> <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
><br>
> > >>><br>
> <a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br>
><br>
><br>
><br>
> >><br>
><br>
> >> <0x613DEC46.asc><br>
><br>
> >>
_______________________________________________<br>
><br>
> >> squid-users mailing list<br>
><br>
> >> <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
><br>
> >>
<a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br>
><br>
>><br>
>> <0x613DEC46.asc></span><br>
<br>
-----BEGIN PGP SIGNATURE-----
<br>
Version: GnuPG v2
<br>
<br>
iQEcBAEBCAAGBQJW11qyAAoJENNXIZxhPexGOK0IAJSid5eBZirWSyv78E6Dqj0U
<br>
tSoanZ/LCBVPbYjnukKJ/OwIcR3TnglnHpYXMde4iwwGm3Z+RDG5qEaTor89ieED
<br>
68JUTV1VqM7sxghE/Sm9L4VYH1Cme9vz0E7apE53tz/yKKYmJG5reYzBQKBWM4i+
<br>
J/gFmDX1ageXoH14zQ5XbFdOoz8YfKIFkLxtFO7Karjwp/H97X6KhbBfPMBouO5U
<br>
qEp0/dbmkgHgCqr9bQzYM/quypXoiJoMiYnm0XBP4Q2gMjoBMcYcZSqhJNnwgUxi
<br>
F79VzEJajUVDqW+/w9g8V7idm2Zj9OTU+TABpiknlXanxo6TMbKuaADZV9mTfcU=
<br>
=GBtP
<br>
-----END PGP SIGNATURE-----
<br>
<br>
</body>
</html>