[squid-users] Header Detection Post SSL Bump in Squid 4.10

shubham jain csp.shubham at gmail.com
Thu Apr 16 05:15:00 UTC 2020


Hi,

*Context*:
I want to use Squid as a forward proxy, where I want to
1) send all the Image requests directly, presumably using request header
'accept'
2) send all other requests through a cache peer Proxy service

The req_header directive is working fine for HTTP Requests, but not for
HTTPS.

I've done the setup for SSL Bump in here and that's giving decrypted HTTPS
requests in the access.log as well.

*Issue:*
The req_header directive is not working on the decrypted HTTPS requests.

*Squid.conf*

# SSL Bump Port
http_port 127.0.0.1:3128 ssl-bump cert=/usr/local/etc/cert/example.com.cert key=/usr/local/etc/cert/example.com.private generate-host-certificates=on version=1 options=SINGLE_DH_USE

# SSL Bump Config
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_step SslBump3

acl imageIsBlocked req_header accept -i image

ssl_bump terminate imageIsBlocked    #terminate is just for testing, to be replaced by splice
ssl_bump bump all

*Access.log*

1587011751.217    204 127.0.0.1 TCP_MISS/200 393 GET https://dt.adsafeprotected.com/dt? - HIER_DIRECT/104.244.39.20 image/gif
1587011751.264   1050 127.0.0.1 NONE/200 0 CONNECT pagead2.googlesyndication.com:443 - HIER_DIRECT/172.217.13.226 -
1587011751.303    787 127.0.0.1 NONE/200 0 CONNECT pagead2.googlesyndication.com:443 - HIER_DIRECT/172.217.13.226 -
1587011752.246   2846 127.0.0.1 NONE/200 0 CONNECT partners.tremorhub.com:443 - HIER_DIRECT/3.224.28.212 -
1587011753.348   1096 127.0.0.1 TCP_MISS/200 1105 GET https://partners.tremorhub.com/syncnoad? - HIER_DIRECT/3.224.28.212 text/xml
1587011754.152    799 127.0.0.1 TCP_MISS/200 1124 GET https://partners.tremorhub.com/syncnoad? - HIER_DIRECT/3.224.28.212 text/xml
1587011756.091   1934 127.0.0.1 TCP_MISS/200 1086 GET https://partners.tremorhub.com/syncnoad? - HIER_DIRECT/3.224.28.212 text/xml
1587011760.264   4169 127.0.0.1 TCP_MISS_ABORTED/200 1113 GET https://partners.tremorhub.com/syncnoad? - HIER_DIRECT/3.224.28.212 text/xml
1587011760.822    367 127.0.0.1 TCP_MISS/200 1185 POST https://pagead2.googlesyndication.com/pcs/activeview? - HIER_DIRECT/172.217.13.226 image/gif
1587011760.862    407 127.0.0.1 TCP_MISS/200 1185 GET https://pagead2.googlesyndication.com/pcs/activeview? - HIER_DIRECT/172.217.13.226 image/gif

Any help would be appreciated, as I have spent weeks trying to get around
the work post SSL Bumping.

*Thanks & Regards,*

*Shubham Jain*