<div dir="rtl"><div dir="ltr">By the help of God.</div><div dir="ltr">Any insights?</div><div dir="ltr"><br></div><div dir="ltr">Thanks,</div><div dir="ltr">Ben</div></div><br><div class="gmail_quote"><div dir="rtl" class="gmail_attr">בתאריך יום ב׳, 14 בפבר׳ 2022 ב-15:49 מאת Ben Goz <<a href="mailto:ben.goz87@gmail.com">ben.goz87@gmail.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="rtl"><div dir="ltr">By the help of God.</div><div dir="ltr"><br></div><div dir="ltr">Hi,</div><div dir="ltr">Ny squid version is 4.15, using it on tproxy configuration.</div><div dir="ltr"><br></div><div dir="ltr">I'm using ssl bump to intercept https connection, but I want to splice several domains.</div><div dir="ltr">I have a problem that when I'm splicing some google domains eg. <a href="http://youtube.com" target="_blank">youtube.com</a> then</div><div dir="ltr"><a href="http://gmail.com" target="_blank">gmail.com</a> domain also spliced.</div><div dir="ltr"><br></div><div dir="ltr">I know that it is very common for google servers to host multiple domains on single server.</div><div dir="ltr">And I suspect that when I'm splicing for example <a href="http://youtube.com" target="_blank">youtube.com</a> it'll also splices <a href="http://google.com" target="_blank">google.com</a>.</div><div dir="ltr"><br></div><div dir="ltr"> Here are my squid configurations for the ssl bump:</div><div dir="ltr"><br></div><div dir="ltr">https_port xxxx ssl-bump tproxy generate-host-certificates=on options=ALL dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/etc/ssl_cert/myCA.pem dhparams=/usr/local/squid/etc/dhparam.pem sslflags=NO_DEFAULT_CA<br><br>acl DiscoverSNIHost at_step SslBump1<br><br>acl NoSSLIntercept ssl::server_name "/usr/local/squid/etc/url-no-bump"<br>acl NoSSLInterceptRegexp ssl::server_name_regex -i "/usr/local/squid/etc/url-no-bump-regexp"<br>ssl_bump splice NoSSLInterceptRegexp_always<br>ssl_bump splice NoSSLIntercept<br>ssl_bump splice NoSSLInterceptRegexp<br>ssl_bump peek DiscoverSNIHost<br>ssl_bump bump all<br></div><div dir="ltr"><br></div></div>
</blockquote></div>