[squid-users] How to create a simple whitelist using regexes?
Matus UHLAR - fantomas
uhlar at fantomas.sk
Mon Oct 15 17:25:38 UTC 2018
On 15.10.18 12:48, RB wrote:
>After some more research it looks like squid only has access to the url
>domain if it's HTTPS and the only way to get the url path and query string
>is to use ssl_bump to decrypt https so squid can see url path and query
>arguments.
this is what I wrote before. Looking at it now, I should have explained more
deeply....
>>> > are you aware that you can only see CONNECT in https requests, unless
>>> > using ssl_bump?
>To use ssl_bump, I have to compile the code from source with --enable-ssl,
>create a certificate, and add it to the chain of certs to every other vm
>that proxies through squid, then squid can decrypt the https urls to see
>paths and query args and finally apply the regex to those urls in order to
>only allow explicit regex urls.
>
>Is this correct?
Alex has explained already.
I would like to note that the whole purpose of SSL encription in HTTPS is to
deny anyone between client and server to see what is the client accessing.
That includes your proxy.
And we often see complaints about SSL bump not working because different
clients expect certificates signed by their certificate autorities, not by
yours.
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows 2000: 640 MB ought to be enough for anybody
More information about the squid-users
mailing list