[squid-users] Header Detection Post SSL Bump in Squid 4.10
shubham jain
csp.shubham at gmail.com
Thu Apr 16 05:15:00 UTC 2020
Hi,
*Context*:
I want to use Squid as a forward proxy, where I want to:
1) send all the Image requests directly, presumably using request header
'accept'
2) send all other requests through a cache peer Proxy service
The req_header directive is working fine for HTTP Requests, but not for
HTTPS.
I've done the setup for SSL Bump in here and that's giving decrypted HTTPS
requests in the access.log as well.
*Issue:*
The req_header directive is not working on the decrypted HTTPS requests.
*Squid.conf*
# SSL Bump Port
http_port 127.0.0.1:3128 ssl-bump cert=/usr/local/etc/cert/example.com.cert key=/usr/local/etc/cert/example.com.private generate-host-certificates=on version=1 options=SINGLE_DH_USE
# SSL Bump Config
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_step SslBump3
acl imageIsBlocked req_header accept -i image
ssl_bump terminate imageIsBlocked #terminate is just for testing, to be replaced by splice
ssl_bump bump all
*Access.log*
1587011751.217 204 127.0.0.1 TCP_MISS/200 393 GET https://dt.adsafeprotected.com/dt? - HIER_DIRECT/104.244.39.20 image/gif
1587011751.264 1050 127.0.0.1 NONE/200 0 CONNECT pagead2.googlesyndication.com:443 - HIER_DIRECT/172.217.13.226 -
1587011751.303 787 127.0.0.1 NONE/200 0 CONNECT pagead2.googlesyndication.com:443 - HIER_DIRECT/172.217.13.226 -
1587011752.246 2846 127.0.0.1 NONE/200 0 CONNECT partners.tremorhub.com:443 - HIER_DIRECT/3.224.28.212 -
1587011753.348 1096 127.0.0.1 TCP_MISS/200 1105 GET https://partners.tremorhub.com/syncnoad? - HIER_DIRECT/3.224.28.212 text/xml
1587011754.152 799 127.0.0.1 TCP_MISS/200 1124 GET https://partners.tremorhub.com/syncnoad? - HIER_DIRECT/3.224.28.212 text/xml
1587011756.091 1934 127.0.0.1 TCP_MISS/200 1086 GET https://partners.tremorhub.com/syncnoad? - HIER_DIRECT/3.224.28.212 text/xml
1587011760.264 4169 127.0.0.1 TCP_MISS_ABORTED/200 1113 GET https://partners.tremorhub.com/syncnoad? - HIER_DIRECT/3.224.28.212 text/xml
1587011760.822 367 127.0.0.1 TCP_MISS/200 1185 POST https://pagead2.googlesyndication.com/pcs/activeview? - HIER_DIRECT/172.217.13.226 image/gif
1587011760.862 407 127.0.0.1 TCP_MISS/200 1185 GET https://pagead2.googlesyndication.com/pcs/activeview? - HIER_DIRECT/172.217.13.226 image/gif
Any help would be appreciated, as I have spent weeks trying to get around
the work post SSL Bumping.
*Thanks & Regards,*
*Shubham Jain*
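
An added example, not part of the original post and not Squid project code: a small Python parser for the native-format access.log excerpt above that separates CONNECT tunnel entries from decrypted (bumped) requests and tallies how each class was forwarded. The field labels and function names are assumptions chosen here, and the last column is the response content type that Squid logs, not the request's Accept header.

```python
from collections import Counter

# Constructed sample: entries taken from the access.log excerpt in the post,
# each rejoined onto one line (Squid's native log format).
SAMPLE_LOG = """\
1587011751.217 204 127.0.0.1 TCP_MISS/200 393 GET https://dt.adsafeprotected.com/dt? - HIER_DIRECT/104.244.39.20 image/gif
1587011751.264 1050 127.0.0.1 NONE/200 0 CONNECT pagead2.googlesyndication.com:443 - HIER_DIRECT/172.217.13.226 -
1587011753.348 1096 127.0.0.1 TCP_MISS/200 1105 GET https://partners.tremorhub.com/syncnoad? - HIER_DIRECT/3.224.28.212 text/xml
1587011760.822 367 127.0.0.1 TCP_MISS/200 1185 POST https://pagead2.googlesyndication.com/pcs/activeview? - HIER_DIRECT/172.217.13.226 image/gif
"""

# Hypothetical labels for the ten whitespace-separated columns.
FIELDS = ("time", "elapsed", "client", "result", "size",
          "method", "url", "user", "hierarchy", "mime")


def parse_line(line):
    """Split one native-format line into a dict, or return None if malformed."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    entry = dict(zip(FIELDS, parts))
    entry["code"], _, entry["status"] = entry["result"].partition("/")
    entry["how"], _, entry["next_hop"] = entry["hierarchy"].partition("/")
    return entry


def classify(entry):
    """Label an entry in the terms of the post's routing goal."""
    if entry["method"] == "CONNECT":
        return "tunnel"          # host:port only, content type logged as "-"
    if entry["url"].startswith("https://"):
        kind = "image" if entry["mime"].lower().startswith("image/") else "other"
        return "bumped-" + kind  # full https:// URL is logged only after bumping
    return "plain-http"


def summarize(log_text):
    """Count entries per class and per (class, forwarding method) pair."""
    classes, routes = Counter(), Counter()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        label = classify(entry)
        classes[label] += 1
        routes[(label, entry["how"])] += 1
    return classes, routes


if __name__ == "__main__":
    for (label, how), n in sorted(summarize(SAMPLE_LOG)[1].items()):
        print(f"{label:14} {how:12} {n}")
```

Run against a live access.log, the per-class forwarding counts show whether image requests and other requests are actually leaving by different routes.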