[squid-users] Splice certain SNIs which served by the same IP
Eliezer Croitoru
ngtech1ltd at gmail.com
Sun Feb 20 11:32:38 UTC 2022
Hey Ben,
I have seen your email, however I didn't have enough time to respond.
I and others need some free time…
I am more than willing to test this issue in my local test environment.
I can test it on Oracle Enterprise Linux 8 with the latest 4.x version.
We can simplify things by creating a very specific environment without any unknowns.
You will need to provide the full details of the testing setup and the content of:
acl NoSSLIntercept ssl::server_name "/usr/local/squid/etc/url-no-bump"
acl NoSSLInterceptRegexp ssl::server_name_regex -i "/usr/local/squid/etc/url-no-bump-regexp"
In my environment it works as expected without any issues while I am not using ssl::server_name_regex.
The docs clearly state:
acl aclname ssl::server_name_regex [-i] \.foo\.com ...
# regex matches server name obtained from various sources [fast]
So you should try to use:
acl aclname ssl::server_name [option] .foo.com ...
# matches server name obtained from various sources [fast]
Instead, as a starting point.
I understand you need some help but I and others have other obligations in life so it would happen from time to time
that someone is not free to try and help you.
All The Bests,
Eliezer
* If someone would have provided me with enough food and other living expenses I might have been free enough to help you.
----
Eliezer Croitoru
NgTech, Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd at gmail.com
From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Ben Goz
Sent: Thursday, February 17, 2022 14:47
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Splice certain SNIs which served by the same IP
By the help of God.
Any insights?
Thanks,
Ben
On Mon, Feb 14, 2022 at 15:49, Ben Goz <ben.goz87 at gmail.com> wrote:
By the help of God.
Hi,
My squid version is 4.15, using it in a tproxy configuration.
I'm using ssl bump to intercept https connections, but I want to splice several domains.
I have a problem that when I'm splicing some google domains, e.g. youtube.com, then
the gmail.com domain is also spliced.
I know that it is very common for google servers to host multiple domains on a single server.
And I suspect that when I'm splicing for example youtube.com it'll also splice google.com.
Here are my squid configurations for the ssl bump:
https_port xxxx ssl-bump tproxy generate-host-certificates=on options=ALL dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/etc/ssl_cert/myCA.pem dhparams=/usr/local/squid/etc/dhparam.pem sslflags=NO_DEFAULT_CA
acl DiscoverSNIHost at_step SslBump1
acl NoSSLIntercept ssl::server_name "/usr/local/squid/etc/url-no-bump"
acl NoSSLInterceptRegexp ssl::server_name_regex -i "/usr/local/squid/etc/url-no-bump-regexp"
ssl_bump splice NoSSLInterceptRegexp_always
ssl_bump splice NoSSLIntercept
ssl_bump splice NoSSLInterceptRegexp
ssl_bump peek DiscoverSNIHost
ssl_bump bump all
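
The thread never shows the contents of the two no-bump files, so the following is an added example (not part of either message and not Squid code) for auditing such lists offline: it reports which entry would splice a given SNI. The list contents and SNIs are constructed samples, and the two matchers are assumptions that approximate domain-style matching for ssl::server_name and unanchored, case-insensitive matching for ssl::server_name_regex -i.

```python
import re

def name_match(entry, sni):
    """Approximate domain-style matching (assumption): '.foo.com' covers
    foo.com and its subdomains; 'foo.com' matches only that exact name."""
    entry, sni = entry.lower().rstrip("."), sni.lower().rstrip(".")
    if entry.startswith("."):
        return sni == entry[1:] or sni.endswith(entry)
    return sni == entry

def audit(names, regexes, snis):
    """Return {sni: [(acl, entry), ...]} with every list entry matching the SNI."""
    compiled = [(r, re.compile(r, re.IGNORECASE)) for r in regexes]
    hits = {}
    for sni in snis:
        matched = [("NoSSLIntercept", n) for n in names if name_match(n, sni)]
        # Unanchored search: a pattern may match anywhere inside the name.
        matched += [("NoSSLInterceptRegexp", r)
                    for r, rx in compiled if rx.search(sni)]
        hits[sni] = matched
    return hits

# Constructed stand-ins for url-no-bump and url-no-bump-regexp.
NAMES = [".youtube.com"]
REGEXES = [r"youtube\.com$", r"mail\."]  # second entry is broader than it looks
# Constructed SNIs as they would be seen after the peek step.
SNIS = ["www.youtube.com", "gmail.com", "mail.google.com", "accounts.google.com"]

if __name__ == "__main__":
    for sni, matched in audit(NAMES, REGEXES, SNIS).items():
        verdict = "splice" if matched else "bump"
        reasons = ", ".join(f"{acl}:{entry}" for acl, entry in matched) or "-"
        print(f"{sni:22} {verdict:7} {reasons}")
```

Running it against the real list files and the SNIs seen in the access log shows whether an unexpected splice comes from a list entry or from something else in the setup.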