[squid-users] Domain fronting detection
Jason Spashett
jason.spashett at menlosecurity.com
Tue Mar 15 19:09:29 UTC 2022
Hello squid-users,
I wonder if there is a set of workable acls at present that can detect
and/or block domain fronting. By way of my understanding, that would be
comparing the TLS SNI during a client connecting to squid and issuing a
CONNECT method. Squid would bump that TLS request to also examine each and
every Host header and compare it to the TLS SNI to see if there is a
discrepancy.
Looking at the code at the moment I can only see absolute URL vs host
header checks, which do not appear to look at the CONNECT TLS SNI, which I
think to be found in the master xaction.
Regards,
Jason.
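The comparison described in the message above, as an added example that is not part of the original post and not Squid code: for each decrypted request on a bumped connection, compare the Host header with the SNI from the client's TLS handshake and report discrepancies. The record layout (connection id, SNI, Host) and all sample values are constructed assumptions, not a Squid log format.

```python
# Constructed sample records (assumed layout, not a Squid log format):
# (connection id, SNI from the client's TLS hello, Host header of a bumped request)
SAMPLE = [
    ("c1", "cdn.example.net", "cdn.example.net"),
    ("c1", "cdn.example.net", "CDN.Example.NET:443"),   # cosmetic difference only
    ("c2", "cdn.example.net", "hidden.example.org"),    # Host differs from SNI
    ("c3", "", "site.example.com"),                     # client sent no SNI
    ("c4", "static.example.net.", "static.example.net"),  # trailing dot only
    ("c5", "app.example.net", "[2001:db8::1]:443"),     # IP literal as Host
]


def normalize(name):
    """Lowercase and strip port, brackets and trailing dot before comparing."""
    name = name.strip().lower()
    if name.startswith("["):
        # Bracketed IPv6 literal, optionally followed by :port
        return name[1:name.find("]")] if "]" in name else name
    if name.count(":") == 1:
        # host:port form
        name = name.rsplit(":", 1)[0]
    return name.rstrip(".")


def classify(sni, host):
    """Return 'match', 'mismatch', 'no-sni' or 'no-host' for one request."""
    s, h = normalize(sni), normalize(host)
    if not s:
        return "no-sni"      # nothing to compare against; report separately
    if not h:
        return "no-host"
    return "match" if s == h else "mismatch"


def find_discrepancies(records):
    """Yield every request whose Host header cannot be tied to the TLS SNI."""
    findings = []
    for conn, sni, host in records:
        verdict = classify(sni, host)
        if verdict != "match":
            findings.append((conn, verdict, normalize(sni), normalize(host)))
    return findings


if __name__ == "__main__":
    for finding in find_discrepancies(SAMPLE):
        print(finding)
```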