[squid-users] Squid doesn't use domain name as a request URL in access.log when splice at step 3 occurs

Amos Jeffries squid3 at treenet.co.nz
Fri Nov 4 14:42:45 UTC 2016


On 5/11/2016 1:43 a.m., Garri Djavadyan wrote:
> The configuration for splice at step 3:
> 
> # diff etc/squid.conf.default etc/squid.conf
> 73a74,78
>> https_port 3129 intercept ssl-bump cert=etc/ssl_cert/myCA.pem
> generate-host-certificates
>> acl StepSplice at_step SslBump3
>> ssl_bump splice StepSplice
>> ssl_bump peek all
>> logformat squid      %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un
> %Sh/%<a %mt %ssl::>sni
> 
> 
> The result:
> 1478256303.420    574 172.16.0.21 TCP_TUNNEL/200 6897 CONNECT
> 104.124.119.14:443 - ORIGINAL_DST/104.124.119.14 - www.openssl.org
> 
> 
> Is it a bug or intended behavior? Thanks.
> 

The person (Christos) who designed that behaviour is not reading this
mailing list very often.

AFAIK, it depends on what the SubjectAltName field in the certificate
provided by 104.124.119.14 contains.

Amos



More information about the squid-users mailing list