<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<font size="+1">Thank Amos. Ironically I just found that out with
testing and then a search pointing me here:<br>
<br>
<a class="moz-txt-link-freetext" href="https://wiki.squid-cache.org/Features/HTTPS">https://wiki.squid-cache.org/Features/HTTPS</a><br>
<br>
Sadly, I should have thought of that. Been a long day I guess.<br>
<br>
Thanks again!<br>
<br>
--David<br>
</font><br>
<div class="moz-cite-prefix">On 7/22/20 8:58 PM, Amos Jeffries
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:df3abb61-ec02-d17c-ca9a-280575815eb7@treenet.co.nz">
<pre class="moz-quote-pre" wrap="">On 23/07/20 3:27 pm, David A. Gershman wrote:
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">Hello again,
After further testing, the looks like the only thing being regex'd
against is the domain name. I shrunk the RE down to just:
acl user_allowed url_regex http # nothing more, just 'http'
and it /*still*/ failed!!! It's as if the "whole url" (claimed by the
docs) is /not/ being compared against. I'm just posting this here as an
FYI...no solution has been found. :(
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
Squid uses basic regex without extensions - the basic operators that
work in both GNU regex and POSIX regex can be expected to work.
Your mistake is thinking that URL always looks like <a class="moz-txt-link-rfc2396E" href="https://example.com/">"https://example.com/"</a>.
For HTTPS traffic going through an HTTP proxy the URL is in
authority-form which looks like "example.com:443".
<a class="moz-txt-link-rfc2396E" href="https://tools.ietf.org/html/rfc7230#section-5.3.3"><https://tools.ietf.org/html/rfc7230#section-5.3.3></a>
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">
On 7/22/20 7:22 PM, David A. Gershman wrote:
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">Hello,
I have the following in my config file:
acl user_allowed url_regex ^<a class="moz-txt-link-freetext" href="https://example\.com/">https://example\.com/</a>
but surfing to that site fails (authentication works fine). My
ultimate goal is to have an RE comparable to the PCRE of:
^https?:\/\/.*?example\.com\/
While the PCRE works just fine in other tools (my own scripts, online,
etc.), I was unable to get it to work within Squid3. As I stripped
away pieces of the RE in the config file, the only RE which seemed to
work was:
example\.com
...not even having the ending '/'. However, this obviously does not
meet my needs.
</pre>
</blockquote>
</blockquote>
<pre class="moz-quote-pre" wrap="">
To get to the scheme and path information for HTTPS traffic you need
SSL-Bump functionality built into the proxy and configured to decrypt
the TLS traffic layer.
OpenSSL license currently (soon to change, yay!) does not permit Debian
to distribute a Squid binary package with that feature enabled so you
will have to rebuild the squid package yourself with relevant additions
or install a package from an independent repository.
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">I'm on Debian 10 and am unable to determine which RE library Debian
compiled Squid3 against (I've got a Tweet out to them to see if they
can point me in the right direction).
</pre>
</blockquote>
</blockquote>
<pre class="moz-quote-pre" wrap="">
Squid3 has been removed from Debian long ago. You should be using
"squid" package these days which is Squid-4 on all current Debian.
HTH
Amos
_______________________________________________
squid-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a>
</pre>
</blockquote>
<br>
</body>
</html>