<div dir="auto">So for SSL inspection, for squid to look into the URl headers, what's the better one<div dir="auto"><br></div><div dir="auto">Server name or</div><div dir="auto"><br></div><div dir="auto">DST domain</div><div dir="auto"><br></div><div dir="auto">Thanks,</div><div dir="auto">Rob</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, 20 May 2022, 11:12 Matus UHLAR - fantomas, <<a href="mailto:uhlar@fantomas.sk">uhlar@fantomas.sk</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 19.05.22 19:29, robert k Wild wrote:<br>
>Think I found it but, what the difference between these two<br>
><br>
>acl aclname ssl::server_name_regex [-i] \.foo\.com ...<br>
<br>
this one is taken from SNI option when squid looks at SSL handshake <br>
parameters.<br>
<br>
>acl aclname dstdom_regex [-n] [-i] \.foo\.com ...<br>
<br>
this one is the one provided in clients' request, where SSL requests usually <br>
look like:<br>
<br>
CONNECT <a href="http://www.google.com:443" rel="noreferrer noreferrer" target="_blank">www.google.com:443</a> HTTP/1.0<br>
<br>
-- <br>
Matus UHLAR - fantomas, <a href="mailto:uhlar@fantomas.sk" target="_blank" rel="noreferrer">uhlar@fantomas.sk</a> ; <a href="http://www.fantomas.sk/" rel="noreferrer noreferrer" target="_blank">http://www.fantomas.sk/</a><br>
Warning: I wish NOT to receive e-mail advertising to this address.<br>
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.<br>
Chernobyl was an Windows 95 beta test site.<br>
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank" rel="noreferrer">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</blockquote></div>