[squid-users] Safesearch: blocking Google images error
Amos Jeffries
squid3 at treenet.co.nz
Fri Sep 4 20:59:48 UTC 2015
On 5/09/2015 8:37 a.m., Stanford Prescott wrote:
>> acl s1_tls_connect at_step SslBump1
>> acl s2_tls_client_hello at_step SslBump2
>> acl s3_tls_server_hello at_step SslBump3
>>
>> acl tls_server_name_is_ip ssl::server_name_regex \
>> ^[0-9]+.[0-9]+.[0-9]+.[0-9]+n
>
> You have a letter 'n' on the end there is that intentional?
>
> It would seem so. I copied that from someone else's "peek-splice"
> directives that they said worked well for them. The actual regex in the
> perl script that writes squid.conf is *"print FILE "acl
> tls_server_name_is_ip ssl::server_name_regex
> ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$\n\n";*."
Thats not right. The script is broken.
The '$' in that position is an anchor on the pattern. Not a variable
perl is interpreting it as.
Not that a $ anchor would work, since the input contains a ":port" section.
A better raw-IP pattern is:
^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9af]+)?:([0-9af:]+)?:([0-9af]+)?\])):443
I think the main problem though is that the SNI support is not yet fully
polished.
Amos
More information about the squid-users
mailing list