[squid-users] extract http headers from CONNECT / bumped ssl?
Aaron Turner
synfinatic at gmail.com
Fri Aug 25 00:31:36 UTC 2017
On Thu, Aug 24, 2017 at 5:16 PM, Alex Rousskov
<rousskov at measurement-factory.com> wrote:
> On 08/24/2017 06:00 PM, Aaron Turner wrote:
>> So I've deployed squid in forward mode, installed the CA in my web
>> clients, etc and have squid working fine for both http and https
>> traffic.
>
> Forgive me for double checking, but is SSL bumping actually working? For
> example, do you see individual decrypted HTTPS requests in access.log?
Actually, it looks like I was misunderstanding the access.log; it was working:

1503620688.280 0 10.93.3.85 TAG_NONE/200 0 CONNECT synfin.net:443 - HIER_NONE/- - ip_index=0,client=-
1503620689.241 947 10.93.3.85 TCP_MISS/200 57810 GET https://synfin.net/sock_stream/ - HIER_DIRECT/45.79.73.39 text/html ip_index=2,client=foobar1

I didn't initially understand that each CONNECT then generates a
second entry. As you can see the second line has both the full URI
(indicating the SSL got bumped) and decoded my client id (foobar1).
> What is your Squid version?
3.5.26
>> One thing I need to do is be able to extract a http request header
>> into an external_acl_type:
>>
>> external_acl_type client_ip_map_0 %>{My-Custom-Client-Id} /usr/lib64/squid/user_loadbalance.py 0 4
>
> That is not your actual external_acl_type line, I hope. The %>h part
> looks malformed.
Really? Works and seems to match the instructions indicating "%>{Header}"
Thanks,
Aaron
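
One way to check from access.log that each CONNECT is followed by the second, decrypted entry described in the message above, as an added example that is not part of the original post. It assumes the line layout of the two quoted entries (native Squid fields plus the trailing ip_index=...,client=... field); the function names and the third sample line are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: the first two lines follow the entries quoted in the
# message; the third (10.93.3.86 / example.test) is made up for illustration.
SAMPLE_LOG = """\
1503620688.280 0 10.93.3.85 TAG_NONE/200 0 CONNECT synfin.net:443 - HIER_NONE/- - ip_index=0,client=-
1503620689.241 947 10.93.3.85 TCP_MISS/200 57810 GET https://synfin.net/sock_stream/ - HIER_DIRECT/45.79.73.39 text/html ip_index=2,client=foobar1
1503620700.100 0 10.93.3.86 TAG_NONE/200 0 CONNECT example.test:443 - HIER_NONE/- - ip_index=0,client=-
"""

# Assumed layout: native Squid fields plus a trailing key=value note field.
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client_ip>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<hier>\S+)\s+(?P<mime>\S+)(?:\s+(?P<note>\S+))?\s*$"
)

def parse_line(line):
    """Return a dict of fields, or None if the line does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    pairs = (kv.split("=", 1) for kv in (rec["note"] or "").split(",") if "=" in kv)
    rec["note"] = dict(pairs)
    return rec

def bump_report(lines):
    """Count CONNECTs and decrypted https:// requests per (client IP, host)."""
    stats = defaultdict(lambda: {"connects": 0, "decrypted": 0, "client_ids": set()})
    for rec in filter(None, map(parse_line, lines)):
        if rec["method"] == "CONNECT":
            host = rec["url"].rsplit(":", 1)[0].strip("[]").lower()
            stats[(rec["client_ip"], host)]["connects"] += 1
        elif rec["url"].lower().startswith("https://"):
            entry = stats[(rec["client_ip"], urlsplit(rec["url"]).hostname)]
            entry["decrypted"] += 1
            if rec["note"].get("client", "-") != "-":
                entry["client_ids"].add(rec["note"]["client"])
    return dict(stats)

def connect_only(stats):
    """Pairs that logged a CONNECT but no decrypted request (not bumped, or idle)."""
    return sorted(k for k, v in stats.items() if v["connects"] and not v["decrypted"])

if __name__ == "__main__":
    report = bump_report(SAMPLE_LOG.splitlines())
    print(report, connect_only(report))
```

A pair listed by connect_only() is only a candidate for review: the tunnel may have been left un-bumped, or the client may simply have sent no request after the CONNECT.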