[squid-users] regex for normal websites
ngtech1ltd at gmail.com
ngtech1ltd at gmail.com
Wed Aug 3 05:20:21 UTC 2022
Hey Amos,
And just to be clear:
ssl::server_name_regex has the same path as ssl::server_name ?
I have not read the code yet but it seems pretty obviates to me.
Eliezer
----
Eliezer Croitoru
NgTech, Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd at gmail.com
Web: https://ngtech.co.il/
My-Tube: https://tube.ngtech.co.il/
-----Original Message-----
From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Amos Jeffries
Sent: Wednesday, 3 August 2022 5:10
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] regex for normal websites
On 3/08/22 05:01, robert k Wild wrote:
> Mmm, maybe I should try
>
> dstdom_regex
>
> Instead of
>
> ssl::server_name_regex
>
> But when you using ssl bump in your squid.conf, isn't it best to use
>
> ssl::server_name_regex
>
Typically yes, or ssl::server_name.
FYI, the two ACL types do exactly the same matching algorithm. They
differ only in what detail from the traffic they match against:
* dstdomain matches:
- the domain found in HTTP request-target (aka URL or URI), or
- the reverse-DNS hostname for a raw-IP found in HTTP request-target
(aka URL or URI).
* ssl::server_name matches whichever is available from (in order of
preference):
- the request-target URL domain from decrypted HTTP(S) message, or
- the host name from SSL server certificate AltSubject, or
- the host name from TLS SNI message, or
- the domain from request-target URI of CONNECT request.
... in that order of preference for both.
HTH
Amos
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list