[squid-users] Squid 6.10 on Fedora 40 cannot intercept and bump SSL Traffic

Alex Rousskov rousskov at measurement-factory.com
Thu Aug 22 20:00:15 UTC 2024


On 2024-08-22 15:40, ngtech1ltd at gmail.com wrote:

> I believe there should be something that will indicate it to some
> degree 

Sorry, I do not know what you mean by "it" here.


> since ssl_bump and intercept on the same port should be "impossible"

It is possible. An http_port can apply SslBump to intercepted traffic. 
Same for https_port. However, each port is meant to handle its own kind 
of traffic: http_port is for plain HTTP (including CONNECT tunnels) 
while https_port is for TLS (usually with HTTP inside that TLS).

All of these six configuration sketches are valid for some use cases 
(and different things are expected to happen at each of these ports):

* http_port
* http_port intercept
* http_port ssl-bump
* http_port intercept ssl-bump

* https_port
* https_port intercept ssl-bump


> or that the http_port should be enabled to do ssl
> interception.

http_port does not need to be enabled to do TLS interception.
http_port is pretty much unrelated to TLS interception.
http_port may be configured to do plain HTTP interception.


> Am I wrong about my assumption?

It feels like it, but it could be that your assumptions just need to be 
stated more accurately to become valid.


HTH,

Alex.
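
Added example (not part of the original message and not Squid project code): a Python triage script for the access.log signature explained in the quoted reply below, where TLS intercepted on a plain-text http_port is logged as error:invalid-request and then blindly tunneled to ORIGINAL_DST. The sample records are copied from this thread with mail-archive link residue removed; the function names, the native-style field order and the one-second correlation window are assumptions of this example.

```python
"""Flag access.log evidence of TLS being intercepted on a plain-text http_port."""
from dataclasses import dataclass

# Records quoted in this thread (mail-archive autolink residue removed).
SAMPLE_LOG = """\
1724109013.783      0 192.168.78.252 NONE_NONE/000 0 - error:invalid-request - HIER_NONE/- - -
1724109015.407   1623 192.168.78.252 TCP_TUNNEL/200 534674 - 142.250.185.110:443 - ORIGINAL_DST/142.250.185.110 - -
1724109426.755   1638 192.168.78.252 TCP_TUNNEL/200 533406 CONNECT www.youtube.com:443 - HIER_DIRECT/142.250.184.238 - -
1724109490.260    217 192.168.78.252 NONE_NONE/200 0 CONNECT www.youtube.com:443 - HIER_DIRECT/142.250.181.238 - www.youtube.com
1724109490.947    686 192.168.78.252 TCP_MISS/200 516442 GET https://www.youtube.com/ - HIER_DIRECT/142.250.181.238 text/html www.youtube.com
"""


@dataclass
class Record:
    end: float         # timestamp written to the log (transaction end)
    elapsed_ms: int    # transaction duration in milliseconds
    client: str
    code: str          # e.g. TCP_TUNNEL
    status: str        # e.g. 200, or 000 when no response was produced
    method: str
    url: str
    hierarchy: str     # e.g. ORIGINAL_DST/142.250.185.110

    @property
    def start(self) -> float:
        """Approximate time the transaction began."""
        return self.end - self.elapsed_ms / 1000.0


def parse_line(line):
    """Parse the first ten native-format fields; return None if malformed."""
    fields = line.split()
    if len(fields) < 10:
        return None
    try:
        end, elapsed = float(fields[0]), int(fields[1])
    except ValueError:
        return None
    code, _, status = fields[3].partition("/")
    return Record(end, elapsed, fields[2], code, status,
                  fields[5], fields[6], fields[8])


def is_parse_failure(r):
    """Squid could not parse the first bytes on the port as HTTP."""
    return r.url == "error:invalid-request" and r.status == "000"


def is_blind_intercept_tunnel(r):
    """A tunnel with no request method, sent to the intercepted destination."""
    return (r.code == "TCP_TUNNEL" and r.method == "-"
            and r.hierarchy.startswith("ORIGINAL_DST/"))


def find_plain_port_tls(log_text, window=1.0):
    """Pair each parse failure with the blind tunnel that began right after it.

    The pair is what the thread attributes to TLS arriving on a plain-text
    http_port with on_unsupported_protocol set to tunnel: traffic flows,
    but SslBump is never applied to it.
    """
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    failures = [r for r in records if is_parse_failure(r)]
    findings = []
    for tunnel in records:
        if not is_blind_intercept_tunnel(tunnel):
            continue
        for failure in failures:
            same_client = failure.client == tunnel.client
            if same_client and abs(tunnel.start - failure.end) <= window:
                findings.append({
                    "client": tunnel.client,
                    "destination": tunnel.url,
                    "failure_time": failure.end,
                    "hint": "intercept this traffic on https_port, "
                            "not http_port",
                })
                break
    return findings


if __name__ == "__main__":
    for finding in find_plain_port_tls(SAMPLE_LOG):
        print(finding)
```

The forward-proxy CONNECT tunnel and the bumped transaction in the sample are not flagged, because both carry a CONNECT or GET method that Squid parsed successfully.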



> -----Original Message-----
> From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Alex Rousskov
> Sent: Thursday, August 22, 2024 9:21 PM
> To: squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] Squid 6.10 on Fedora 40 cannot intercept and bump SSL Traffic
> 
> On 2024-08-20 15:57, Alex Rousskov wrote:
>> On 2024-08-19 19:32, NgTech LTD wrote:
>>
>>   > curl -v -k https://www.youtube.com/
>>
>>> 1724109013.783      0 192.168.78.252 NONE_NONE/000 0 - error:invalid-request - HIER_NONE/- - -
>>
>> OK, let's focus on this curl interception test. It feels like your
>> Squid is receiving some bytes it cannot fully grok. We should figure
>> out what those bytes are. Please share (privately if needed) a pointer
>> to compressed ALL,9 cache.log snippet collected while reproducing this
>> single test.
> 
> Thank you, Eliezer, for sharing the requested logs!
> 
> There is a simple explanation for the above error:invalid-request access.log record: The test intercepts TLS traffic using plain text http_port. It should intercept TLS traffic using https_port instead.
> 
> 
>> acl foreignProtocol squid_error ERR_PROTOCOL_UNKNOWN ...
>> on_unsupported_protocol tunnel foreignProtocol
> 
> When a plain text port is used, Squid correctly declares ERR_PROTOCOL_UNKNOWN, triggers on_unsupported_protocol handling, and then tunnels intercepted HTTPS bytes, as configured. Judging by the lack of curl errors, that blind TCP tunnel works correctly as well.
> 
> SslBump is not applied to tunneled "unknown protocol" bytes, of course.
> 
> 
> HTH,
> 
> Alex.
> 
> 
> 
>> N.B. The other tests confirm that your Squid can "bump clients",
>> invalidating one of the assertions at the beginning of this email
>> thread. The problem appears to be specific to the interception part of
>> the test rather than basic SslBump operation.
>>
>>
>> Cheers,
>>
>> Alex.
>>
>>
>>> 1724109015.407   1623 192.168.78.252 TCP_TUNNEL/200 534674 - 142.250.185.110:443 - ORIGINAL_DST/142.250.185.110 - -
>>>
>>> PS C:\Users\eliez> curl -v -k https://www.youtube.com/ -o 1.txt
>>>     % Total    % Received % Xferd  Average Speed   Time    Time
>>> Time   Current
>>>                                    Dload  Upload   Total   Spent
>>>   Left   Speed
>>>     0     0    0     0    0     0      0      0 --:--:-- --:--:--
>>> --:--:--     0* Host www.youtube.com:443 <http://www.youtube.com:443>
>>> was resolved.
>>> * IPv6: 2a00:1450:4001:80b::200e, 2a00:1450:4001:828::200e,
>>> 2a00:1450:4001:803::200e, 2a00:1450:4001:830::200e
>>> * IPv4: 142.250.185.110, 216.58.206.78, 142.250.186.142,
>>> 216.58.206.46, 172.217.18.110, 142.250.185.142, 142.250.186.174,
>>> 142.250.184.206, 142.250.185.174, 142.250.184.238, 172.217.18.14,
>>> 142.250.186.110, 172.217.16.206, 172.217.23.110, 216.58.212.142,
>>> 142.250.185.78
>>> *   Trying [2a00:1450:4001:80b::200e]:443...
>>> *   Trying 142.250.185.110:443...
>>> * Connected to www.youtube.com <http://www.youtube.com>
>>> (142.250.185.110) port 443
>>> * schannel: disabled automatic use of client certificate
>>> * ALPN: curl offers http/1.1
>>> * ALPN: server accepted http/1.1
>>> * using HTTP/1.x
>>>   > GET / HTTP/1.1
>>>   > Host: www.youtube.com <http://www.youtube.com>
>>>   > User-Agent: curl/8.8.0
>>>   > Accept: */*
>>>   >
>>> * Request completely sent off
>>> * schannel: remote party requests renegotiation
>>> * schannel: renegotiating SSL/TLS connection
>>> * schannel: SSL/TLS connection renegotiated < HTTP/1.1 200 OK <
>>> Content-Type: text/html; charset=utf-8 < X-Content-Type-Options:
>>> nosniff < Cache-Control: no-cache, no-store, max-age=0,
>>> must-revalidate < Pragma: no-cache < Expires: Mon, 01 Jan 1990
>>> 00:00:00 GMT < Date: Mon, 19 Aug 2024 23:10:13 GMT <
>>> Strict-Transport-Security: max-age=31536000 < X-Frame-Options:
>>> SAMEORIGIN < Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*,
>>> ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*,
>>> ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*,
>>> ch-ua-platform-version=*
>>> < Content-Security-Policy: require-trusted-types-for 'script'
>>> < Origin-Trial:
>>> < Report-To:
>>> {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https:
>>> //csp.withgoogle.com/csp/report-to/youtube_main
>>> <https://csp.withgoogle.com/csp/report-to/youtube_main>"}]}
>>> < Cross-Origin-Opener-Policy: same-origin-allow-popups;
>>> report-to="youtube_main"
>>> < P3P: CP="This is not a P3P policy! See
>>> http://support.google.com/accounts/answer/151657?hl=en
>>> <http://support.google.com/accounts/answer/151657?hl=en> for more info."
>>> < Server: ESF
>>> < X-XSS-Protection: 0
>>> < Set-Cookie: GPS=1; Domain=.youtube.com <http://youtube.com>;
>>> Expires=Mon, 19-Aug-2024 23:40:13 GMT; Path=/; Secure; HttpOnly <
>>> Set-Cookie: YSC=FASh7dosPqA; Domain=.youtube.com
>>> <http://youtube.com>; Path=/; Secure; HttpOnly; SameSite=none <
>>> Set-Cookie: VISITOR_INFO1_LIVE=B6cXjIhTk2Q; Domain=.youtube.com
>>> <http://youtube.com>; Expires=Sat, 15-Feb-2025 23:10:13 GMT; Path=/;
>>> Secure; HttpOnly; SameSite=none < Set-Cookie:
>>> VISITOR_PRIVACY_METADATA=CgJJTBIEGgAgJw%3D%3D;
>>> Domain=.youtube.com <http://youtube.com>; Expires=Sat, 15-Feb-2025
>>> 23:10:13 GMT; Path=/; Secure; HttpOnly; SameSite=none < Alt-Svc:
>>> h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 < Accept-Ranges: none
>>> < Vary: Accept-Encoding < Transfer-Encoding: chunked < { [9490 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [16240 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [4134 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [9646 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [16215 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [1378 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [2756 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [5512 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [2756 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [2756 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [2756 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [3824 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [2756 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [2756 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [5537 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [2756 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [4134 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [1378 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [22048 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [35198 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [21738 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [35854 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [25878 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [5193 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [13805 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [5512 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [5512 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [20374 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [1378 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [19292 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [4134 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [21752 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [2756 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [24508 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [13780 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [47936 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [11024 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [53150 bytes
>>> data]
>>> 100  504k    0  504k    0     0   556k      0 --:--:-- --:--:--
>>> --:--:--   559k
>>> * Connection #0 to host www.youtube.com <http://www.youtube.com> left
>>> intact
>>>
>>>
>>> Now for a direct test with a proxy definition for a port which is not
>>> intercept but plain forward proxy:
>>>
>>> 1724109426.755   1638 192.168.78.252 TCP_TUNNEL/200 533406 CONNECT www.youtube.com:443 - HIER_DIRECT/142.250.184.238 - -
>>>
>>> PS C:\Users\eliez> curl -x http://192.168.66.1:3128 -v -k https://www.youtube.com/ -o 1.txt
>>>     % Total    % Received % Xferd  Average Speed   Time    Time
>>> Time   Current
>>>                                    Dload  Upload   Total   Spent
>>>   Left   Speed
>>>     0     0    0     0    0     0      0      0 --:--:-- --:--:--
>>> --:--:--     0*   Trying 192.168.66.1:3128...
>>> * Connected to 192.168.66.1 (192.168.66.1) port 3128
>>> * CONNECT tunnel: HTTP/1.1 negotiated
>>> * allocate connect buffer
>>> * Establish HTTP proxy tunnel to www.youtube.com:443
>>> <http://www.youtube.com:443>
>>>   > CONNECT www.youtube.com:443 <http://www.youtube.com:443> HTTP/1.1
>>>   > Host: www.youtube.com:443 <http://www.youtube.com:443>
>>>   > User-Agent: curl/8.8.0
>>>   > Proxy-Connection: Keep-Alive
>>>   >
>>> < HTTP/1.1 200 Connection established <
>>> * CONNECT phase completed
>>> * CONNECT tunnel established, response 200
>>> * schannel: disabled automatic use of client certificate
>>> * ALPN: curl offers http/1.1
>>> * ALPN: server accepted http/1.1
>>> * using HTTP/1.x
>>>   > GET / HTTP/1.1
>>>   > Host: www.youtube.com <http://www.youtube.com>
>>>   > User-Agent: curl/8.8.0
>>>   > Accept: */*
>>>   >
>>> * Request completely sent off
>>> * schannel: remote party requests renegotiation
>>> * schannel: renegotiating SSL/TLS connection
>>> * schannel: SSL/TLS connection renegotiated < HTTP/1.1 200 OK <
>>> Content-Type: text/html; charset=utf-8 < X-Content-Type-Options:
>>> nosniff < Cache-Control: no-cache, no-store, max-age=0,
>>> must-revalidate < Pragma: no-cache < Expires: Mon, 01 Jan 1990
>>> 00:00:00 GMT < Date: Mon, 19 Aug 2024 23:17:05 GMT <
>>> Strict-Transport-Security: max-age=31536000 < X-Frame-Options:
>>> SAMEORIGIN < Content-Security-Policy: require-trusted-types-for
>>> 'script'
>>> < Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*,
>>> ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*,
>>> ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*,
>>> ch-ua-platform-version=*
>>> < Report-To:
>>> {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https:
>>> //csp.withgoogle.com/csp/report-to/youtube_main
>>> <https://csp.withgoogle.com/csp/report-to/youtube_main>"}]}
>>> < Origin-Trial:
>>> < Cross-Origin-Opener-Policy: same-origin-allow-popups;
>>> report-to="youtube_main"
>>> < P3P: CP="This is not a P3P policy! See
>>> http://support.google.com/accounts/answer/151657?hl=en
>>> <http://support.google.com/accounts/answer/151657?hl=en> for more info."
>>> < Server: ESF
>>> < X-XSS-Protection: 0
>>> < Set-Cookie: GPS=1; Domain=.youtube.com <http://youtube.com>;
>>> Expires=Mon, 19-Aug-2024 23:47:05 GMT; Path=/; Secure; HttpOnly <
>>> Set-Cookie: YSC=OujtWi5Xgqo; Domain=.youtube.com
>>> <http://youtube.com>; Path=/; Secure; HttpOnly; SameSite=none <
>>> Set-Cookie: VISITOR_INFO1_LIVE=PtNdaPPFKOg; Domain=.youtube.com
>>> <http://youtube.com>; Expires=Sat, 15-Feb-2025 23:17:05 GMT; Path=/;
>>> Secure; HttpOnly; SameSite=none < Set-Cookie:
>>> VISITOR_PRIVACY_METADATA=CgJJTBIEGgAgTA%3D%3D;
>>> Domain=.youtube.com <http://youtube.com>; Expires=Sat, 15-Feb-2025
>>> 23:17:05 GMT; Path=/; Secure; HttpOnly; SameSite=none < Alt-Svc:
>>> h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 < Accept-Ranges: none
>>> < Vary: Accept-Encoding < Transfer-Encoding: chunked < { [9490 bytes
>>> data]
>>> 100 16366    0 16366    0     0  32466      0 --:--:-- --:--:--
>>> --:--:-- 32407* schannel: failed to decrypt data, need more data {
>>> [5216 bytes data]
>>> * schannel: failed to decrypt data, need more data { [2756 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [2756 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [2756 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [4134 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [2756 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [21729 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [18982 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [22071 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [6890 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [14848 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [11024 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [10706 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [15158 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [2756 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [10714 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [15180 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [22273 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [44653 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [22048 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [101084 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [4134 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [80712 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [23130 bytes
>>> data]
>>> 100  503k    0  503k    0     0   670k      0 --:--:-- --:--:--
>>> --:--:--   670k
>>> * Connection #0 to host 192.168.66.1 left intact
>>>
>>>
>>> For a direct forward proxy to a sslbump enabled port these are the
>>> results:
>>>
>>> 1724109490.260    217 192.168.78.252 NONE_NONE/200 0 CONNECT www.youtube.com:443 - HIER_DIRECT/142.250.181.238 - www.youtube.com
>>> 1724109490.947    686 192.168.78.252 TCP_MISS/200 516442 GET https://www.youtube.com/ - HIER_DIRECT/142.250.181.238 text/html www.youtube.com
>>>
>>> PS C:\Users\eliez> curl -x http://192.168.66.1:13128 -v -k https://www.youtube.com/ -o 1.txt
>>>     % Total    % Received % Xferd  Average Speed   Time    Time
>>> Time   Current
>>>                                    Dload  Upload   Total   Spent
>>>   Left   Speed
>>>     0     0    0     0    0     0      0      0 --:--:-- --:--:--
>>> --:--:--     0*   Trying 192.168.66.1:13128...
>>> * Connected to 192.168.66.1 (192.168.66.1) port 13128
>>> * CONNECT tunnel: HTTP/1.1 negotiated
>>> * allocate connect buffer
>>> * Establish HTTP proxy tunnel to www.youtube.com:443
>>> <http://www.youtube.com:443>
>>>   > CONNECT www.youtube.com:443 <http://www.youtube.com:443> HTTP/1.1
>>>   > Host: www.youtube.com:443 <http://www.youtube.com:443>
>>>   > User-Agent: curl/8.8.0
>>>   > Proxy-Connection: Keep-Alive
>>>   >
>>> < HTTP/1.1 200 Connection established <
>>> * CONNECT phase completed
>>> * CONNECT tunnel established, response 200
>>> * schannel: disabled automatic use of client certificate
>>> * ALPN: curl offers http/1.1
>>> * ALPN: server did not agree on a protocol. Uses default.
>>> * using HTTP/1.x
>>>   > GET / HTTP/1.1
>>>   > Host: www.youtube.com <http://www.youtube.com>
>>>   > User-Agent: curl/8.8.0
>>>   > Accept: */*
>>>   >
>>> * Request completely sent off
>>> * schannel: remote party requests renegotiation
>>> * schannel: renegotiating SSL/TLS connection
>>> * schannel: SSL/TLS connection renegotiated
>>> * schannel: remote party requests renegotiation
>>> * schannel: renegotiating SSL/TLS connection
>>> * schannel: SSL/TLS connection renegotiated < HTTP/1.1 200 OK <
>>> Content-Type: text/html; charset=utf-8 < X-Content-Type-Options:
>>> nosniff < Cache-Control: no-cache, no-store, max-age=0,
>>> must-revalidate < Pragma: no-cache < Expires: Mon, 01 Jan 1990
>>> 00:00:00 GMT < Date: Mon, 19 Aug 2024 23:18:10 GMT <
>>> Strict-Transport-Security: max-age=31536000 < X-Frame-Options:
>>> SAMEORIGIN < Content-Security-Policy: require-trusted-types-for
>>> 'script'
>>> < Origin-Trial:
>>> < Cross-Origin-Opener-Policy: same-origin-allow-popups;
>>> report-to="youtube_main"
>>> < Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*,
>>> ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*,
>>> ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*,
>>> ch-ua-platform-version=*
>>> < Report-To:
>>> {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https:
>>> //csp.withgoogle.com/csp/report-to/youtube_main
>>> <https://csp.withgoogle.com/csp/report-to/youtube_main>"}]}
>>> < P3P: CP="This is not a P3P policy! See
>>> http://support.google.com/accounts/answer/151657?hl=en
>>> <http://support.google.com/accounts/answer/151657?hl=en> for more info."
>>> < Server: ESF
>>> < X-XSS-Protection: 0
>>> < Set-Cookie: GPS=1; Domain=.youtube.com <http://youtube.com>;
>>> Expires=Mon, 19-Aug-2024 23:48:10 GMT; Path=/; Secure; HttpOnly <
>>> Set-Cookie: YSC=6pPz8lVi60s; Domain=.youtube.com
>>> <http://youtube.com>; Path=/; Secure; HttpOnly; SameSite=none <
>>> Set-Cookie: VISITOR_INFO1_LIVE=zD4fzRwONpc; Domain=.youtube.com
>>> <http://youtube.com>; Expires=Sat, 15-Feb-2025 23:18:10 GMT; Path=/;
>>> Secure; HttpOnly; SameSite=none < Set-Cookie:
>>> VISITOR_PRIVACY_METADATA=CgJJTBIEGgAgOQ%3D%3D;
>>> Domain=.youtube.com <http://youtube.com>; Expires=Sat, 15-Feb-2025
>>> 23:18:10 GMT; Path=/; Secure; HttpOnly; SameSite=none < Alt-Svc:
>>> h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 < Accept-Ranges: none
>>> < Vary: Accept-Encoding < X-Cache: MISS from 005-NgTech-Home-Proxy-1
>>> < X-Cache-Lookup: MISS from 005-NgTech-Home-Proxy-1:3128 <
>>> Transfer-Encoding: chunked < Via: 1.1 005-NgTech-Home-Proxy-1
>>> (squid/5.9) < Connection: keep-alive < { [7370 bytes data]
>>> 100 27390    0 27390    0     0  35637      0 --:--:-- --:--:--
>>> --:--:-- 35617* schannel: failed to decrypt data, need more data {
>>> [2770 bytes data]
>>> * schannel: failed to decrypt data, need more data { [21842 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [21834 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [10776 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [11080 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [100491 bytes
>>> data]
>>> 100  499k    0  499k    0     0   488k      0 --:--:--  0:00:01
>>> --:--:--   489k
>>> * Connection #0 to host 192.168.66.1 left intact
>>>
>>> Now for the second part which is to play with the ssl_bump options.
>>> currently the options I am using are:
>>> ssl_bump peek step1
>>> ssl_bump bump all
>>>
>>> So now I will try to change them a bit.
>>>
>>> For a direct curl request to the intercept with ssl bump port I get
>>> the next logs:
>>>
>>>
>>>
>>> 2024/08/20 02:23:18 kid1| SECURITY ALERT: Host header forgery detected on conn364 local=192.168.66.1:33128 remote=192.168.78.252:40721 FD 10 flags=33 (intercepted port does not match 443)
>>>       current master transaction: master118
>>> 2024/08/20 02:23:18 kid1| SECURITY ALERT: By user agent: curl/8.8.0
>>>       current master transaction: master118
>>> 2024/08/20 02:23:18 kid1| SECURITY ALERT: on URL: www.youtube.com:443
>>>       current master transaction: master118
>>> 2024/08/20 02:23:18 kid1| kick abandoning conn364 local=192.168.66.1:33128 remote=192.168.78.252:40721 FD 10 flags=33
>>>       connection: conn364 local=192.168.66.1:33128 remote=192.168.78.252:40721 FD 10 flags=33
>>>
>>> ==> /var/log/squid/access.log <==
>>> 1724109798.106      0 192.168.78.252 NONE_NONE/409 4177 CONNECT www.youtube.com:443 - HIER_NONE/- text/html -
>>>
>>> PS C:\Users\eliez> curl -x http://192.168.66.1:33128 -v -k https://www.youtube.com/ -o 1.txt
>>>     % Total    % Received % Xferd  Average Speed   Time    Time
>>> Time   Current
>>>                                    Dload  Upload   Total   Spent
>>>   Left   Speed
>>>     0     0    0     0    0     0      0      0 --:--:-- --:--:--
>>> --:--:--     0*   Trying 192.168.66.1:33128...
>>> * Connected to 192.168.66.1 (192.168.66.1) port 33128
>>> * CONNECT tunnel: HTTP/1.1 negotiated
>>> * allocate connect buffer
>>> * Establish HTTP proxy tunnel to www.youtube.com:443
>>> <http://www.youtube.com:443>
>>>   > CONNECT www.youtube.com:443 <http://www.youtube.com:443> HTTP/1.1
>>>   > Host: www.youtube.com:443 <http://www.youtube.com:443>
>>>   > User-Agent: curl/8.8.0
>>>   > Proxy-Connection: Keep-Alive
>>>   >
>>> < HTTP/1.1 409 Conflict
>>> < Server: squid/5.9
>>> < Mime-Version: 1.0
>>> < Date: Mon, 19 Aug 2024 23:23:18 GMT < Content-Type:
>>> text/html;charset=utf-8 < Content-Length: 3765 < X-Squid-Error:
>>> ERR_CONFLICT_HOST 0 < Vary: Accept-Language < Content-Language: en <
>>> X-Cache: MISS from 005-NgTech-Home-Proxy-1 < X-Cache-Lookup: NONE
>>> from 005-NgTech-Home-Proxy-1:3128 < Via: 1.1 005-NgTech-Home-Proxy-1
>>> (squid/5.9) < Connection: keep-alive <
>>> * CONNECT tunnel failed, response 409
>>>     0     0    0     0    0     0      0      0 --:--:-- --:--:--
>>> --:--:--     0
>>> * Closing connection
>>> curl: (56) CONNECT tunnel failed, response 409
>>>
>>> With a Splice all the results are:
>>> Access log:
>>> 1724109929.178      0 192.168.78.252 NONE_NONE/000 0 - error:invalid-request - HIER_NONE/- - -
>>> 1724109930.776   1598 192.168.78.252 TCP_TUNNEL/200 531067 - 142.250.185.78:443 - ORIGINAL_DST/142.250.185.78 - -
>>>
>>> PS C:\Users\eliez> curl -v -k https://www.youtube.com/ -o 1.txt
>>>     % Total    % Received % Xferd  Average Speed   Time    Time
>>> Time   Current
>>>                                    Dload  Upload   Total   Spent
>>>   Left   Speed
>>>     0     0    0     0    0     0      0      0 --:--:-- --:--:--
>>> --:--:--     0* Host www.youtube.com:443 <http://www.youtube.com:443>
>>> was resolved.
>>> * IPv6: 2a00:1450:4001:81c::200e, 2a00:1450:4001:809::200e,
>>> 2a00:1450:4001:800::200e, 2a00:1450:4001:80e::200e
>>> * IPv4: 142.250.185.78, 142.250.185.110, 142.250.185.142,
>>> 142.250.186.174, 142.250.185.174, 142.250.184.238, 142.250.185.238,
>>> 142.250.185.206, 142.250.181.238, 142.250.186.46, 142.250.186.78,
>>> 172.217.16.142, 216.58.212.174, 216.58.206.46, 172.217.18.110,
>>> 172.217.23.110
>>> *   Trying [2a00:1450:4001:81c::200e]:443...
>>> *   Trying 142.250.185.78:443...
>>> * Connected to www.youtube.com <http://www.youtube.com>
>>> (142.250.185.78) port 443
>>> * schannel: disabled automatic use of client certificate
>>> * ALPN: curl offers http/1.1
>>> * ALPN: server accepted http/1.1
>>> * using HTTP/1.x
>>>   > GET / HTTP/1.1
>>>   > Host: www.youtube.com <http://www.youtube.com>
>>>   > User-Agent: curl/8.8.0
>>>   > Accept: */*
>>>   >
>>> * Request completely sent off
>>> * schannel: remote party requests renegotiation
>>> * schannel: renegotiating SSL/TLS connection
>>> * schannel: SSL/TLS connection renegotiated
>>> * schannel: failed to decrypt data, need more data < HTTP/1.1 200 OK
>>> < Content-Type: text/html; charset=utf-8 < X-Content-Type-Options:
>>> nosniff < Cache-Control: no-cache, no-store, max-age=0,
>>> must-revalidate < Pragma: no-cache < Expires: Mon, 01 Jan 1990
>>> 00:00:00 GMT < Date: Mon, 19 Aug 2024 23:25:29 GMT <
>>> Strict-Transport-Security: max-age=31536000 < X-Frame-Options:
>>> SAMEORIGIN < Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*,
>>> ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*,
>>> ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*,
>>> ch-ua-platform-version=*
>>> < Content-Security-Policy: require-trusted-types-for 'script'
>>> < Cross-Origin-Opener-Policy: same-origin-allow-popups;
>>> report-to="youtube_main"
>>> < Report-To:
>>> {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https:
>>> //csp.withgoogle.com/csp/report-to/youtube_main
>>> <https://csp.withgoogle.com/csp/report-to/youtube_main>"}]}
>>> < Origin-Trial:
>>> < P3P: CP="This is not a P3P policy! See
>>> http://support.google.com/accounts/answer/151657?hl=en
>>> <http://support.google.com/accounts/answer/151657?hl=en> for more info."
>>> < Server: ESF
>>> < X-XSS-Protection: 0
>>> < Set-Cookie: GPS=1; Domain=.youtube.com <http://youtube.com>;
>>> Expires=Mon, 19-Aug-2024 23:55:29 GMT; Path=/; Secure; HttpOnly <
>>> Set-Cookie: YSC=O3fSKdGlL-Q; Domain=.youtube.com
>>> <http://youtube.com>; Path=/; Secure; HttpOnly; SameSite=none <
>>> Set-Cookie: VISITOR_INFO1_LIVE=2PPYvkk_Sbo; Domain=.youtube.com
>>> <http://youtube.com>; Expires=Sat, 15-Feb-2025 23:25:29 GMT; Path=/;
>>> Secure; HttpOnly; SameSite=none < Set-Cookie:
>>> VISITOR_PRIVACY_METADATA=CgJJTBIEGgAgGA%3D%3D;
>>> Domain=.youtube.com <http://youtube.com>; Expires=Sat, 15-Feb-2025
>>> 23:25:29 GMT; Path=/; Secure; HttpOnly; SameSite=none < Alt-Svc:
>>> h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 < Accept-Ranges: none
>>> < Vary: Accept-Encoding < Transfer-Encoding: chunked < { [3674 bytes
>>> data]
>>> 100 24634    0 24634    0     0  31895      0 --:--:-- --:--:--
>>> --:--:-- 32033* schannel: failed to decrypt data, need more data {
>>> [2460 bytes data]
>>> * schannel: failed to decrypt data, need more data { [2756 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [2756 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [2756 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [2756 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [2756 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [21728 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [16536 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [1068 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [22072 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [4134 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [5512 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [5512 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [9336 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [4134 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [4134 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [8268 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [7949 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [2756 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [11024 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [6890 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [5512 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [2446 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [22071 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [35526 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [18974 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [23450 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [58662 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [21752 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [42424 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [12402 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [42422 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [7972 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [4134 bytes
>>> data]
>>> 100  501k    0  501k    0     0   496k      0 --:--:--  0:00:01 --:--:--   498k
>>> * Connection #0 to host www.youtube.com left intact
>>>
>>> I am unsure if to continue but I will test again the next ssl bump
>>> rules (maybe I got your instructions wrong):
>>> ssl_bump peek all
>>> ssl_bump bump all
>>>
>>> Access.log
>>> 1724110080.231      0 192.168.78.252 NONE_NONE/000 0 - error:invalid-request - HIER_NONE/- - -
>>> 1724110081.819   1587 192.168.78.252 TCP_TUNNEL/200 532898 - 142.250.185.78:443 - ORIGINAL_DST/142.250.185.78 - -
>>>
>>> Curl:
>>> PS C:\Users\eliez> curl -v -k https://www.youtube.com/ -o 1.txt
>>>     % Total    % Received % Xferd  Average Speed   Time    Time     Time   Current
>>>                                    Dload  Upload   Total   Spent    Left   Speed
>>>     0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
>>> * Host www.youtube.com:443 was resolved.
>>> * IPv6: 2a00:1450:4001:80e::200e, 2a00:1450:4001:80f::200e,
>>> 2a00:1450:4001:810::200e, 2a00:1450:4001:82b::200e
>>> * IPv4: 142.250.185.78, 142.250.185.110, 142.250.185.142,
>>> 142.250.186.174, 142.250.185.174, 142.250.184.238, 142.250.185.238,
>>> 142.250.185.206, 142.250.181.238, 142.250.186.46, 142.250.186.78,
>>> 172.217.16.142, 216.58.212.174, 216.58.206.46, 172.217.18.110,
>>> 172.217.23.110
>>> *   Trying [2a00:1450:4001:80e::200e]:443...
>>> *   Trying 142.250.185.78:443...
>>> * Connected to www.youtube.com (142.250.185.78) port 443
>>> * schannel: disabled automatic use of client certificate
>>> * ALPN: curl offers http/1.1
>>> * ALPN: server accepted http/1.1
>>> * using HTTP/1.x
>>>   > GET / HTTP/1.1
>>>   > Host: www.youtube.com
>>>   > User-Agent: curl/8.8.0
>>>   > Accept: */*
>>>   >
>>> * Request completely sent off
>>> * schannel: remote party requests renegotiation
>>> * schannel: renegotiating SSL/TLS connection
>>> * schannel: SSL/TLS connection renegotiated
>>> * schannel: failed to decrypt data, need more data
>>> < HTTP/1.1 200 OK
>>> < Content-Type: text/html; charset=utf-8
>>> < X-Content-Type-Options: nosniff
>>> < Cache-Control: no-cache, no-store, max-age=0, must-revalidate
>>> < Pragma: no-cache
>>> < Expires: Mon, 01 Jan 1990 00:00:00 GMT
>>> < Date: Mon, 19 Aug 2024 23:28:00 GMT
>>> < X-Frame-Options: SAMEORIGIN
>>> < Strict-Transport-Security: max-age=31536000
>>> < Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main"
>>> < Content-Security-Policy: require-trusted-types-for 'script'
>>> < Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
>>> < Origin-Trial:
>>> < Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
>>> < P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
>>> < Server: ESF
>>> < X-XSS-Protection: 0
>>> < Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Mon, 19-Aug-2024 23:58:00 GMT; Path=/; Secure; HttpOnly
>>> < Set-Cookie: YSC=zO-uFscIOFo; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
>>> < Set-Cookie: VISITOR_INFO1_LIVE=ewGx6w06928; Domain=.youtube.com; Expires=Sat, 15-Feb-2025 23:28:00 GMT; Path=/; Secure; HttpOnly; SameSite=none
>>> < Set-Cookie: VISITOR_PRIVACY_METADATA=CgJJTBIEGgAgFA%3D%3D; Domain=.youtube.com; Expires=Sat, 15-Feb-2025 23:28:00 GMT; Path=/; Secure; HttpOnly; SameSite=none
>>> < Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
>>> < Accept-Ranges: none
>>> < Vary: Accept-Encoding
>>> < Transfer-Encoding: chunked
>>> <
>>> { [3674 bytes data]
>>> 100 16366    0 16366    0     0  23561      0 --:--:-- --:--:--
>>> --:--:-- 23684* schannel: failed to decrypt data, need more data {
>>> [1082 bytes data]
>>> * schannel: failed to decrypt data, need more data { [2756 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [2756 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [2756 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [2756 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [2756 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [4134 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [2436 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [2756 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [2756 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [20670 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [25896 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [20670 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [2756 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [6580 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [11024 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [5193 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [5512 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [11024 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [2756 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [9646 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [2756 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [9336 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [2756 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [13803 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [6890 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [21746 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [56204 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [7972 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [6890 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [23130 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [54824 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [23130 bytes
>>> data]
>>> * schannel: failed to decrypt data, need more data { [74118 bytes
>>> data]
>>> 100  503k    0  503k    0     0   531k      0 --:--:-- --:--:-- --:--:--   533k
>>> * Connection #0 to host www.youtube.com left intact
>>>
>>> This is all the same with both 5.9 and 6.10 as far as I can tell.
>>>
>>> I know it's a lot of logs but it seems like the problem is well
>>> understood.
>>> All the above tests are done using the DNAT REDIRECT method.
>>>
>>> Just take into account that the next are also present in squid.conf
>>>
>>> acl foreignProtocol squid_error ERR_PROTOCOL_UNKNOWN ERR_TOO_BIG
>>> acl serverTalksFirstProtocol squid_error ERR_REQUEST_START_TIMEOUT
>>>
>>>
>>> on_unsupported_protocol tunnel foreignProtocol
>>> on_unsupported_protocol tunnel serverTalksFirstProtocol
>>> on_unsupported_protocol respond all
>>>
>>>
>>> If you need me to test other things please let me know.
>>>
>>> Eliezer
>>>
>>> ----
>>> Eliezer Croitoru
>>> Tech Support
>>> Mobile: +972-5-28704261
>>> Email: ngtech1ltd at gmail.com
>>>
>>>
>>> On Mon, Aug 19, 2024 at 10:59 PM Alex Rousskov
>>> <rousskov at measurement-factory.com> wrote:
>>>
>>>      On 2024-08-19 15:27, ngtech1ltd at gmail.com wrote:
>>>
>>>       > I see that there is a SNI so I am not sure how to look at the issue.
>>>
>>>      FWIW, as the next step, I still recommend answering the remaining open
>>>      questions. Everything else makes a fascinating read but is less likely
>>>      to help us make progress (and may obscure/hide actual answers and test
>>>      results). I will restate those remaining questions for your convenience:
>>>
>>>      * Do all those 12 access.log records correspond to a single curl
>>>      request? If not, please only share access.log record(s) that do
>>>      correspond.
>>>
>>>      2. Does everything work for non-intercept ports? Use the same curl test
>>>      you have shared below, but specify proxy address for curl to use.
>>>
>>>      4. Does everything work when you remove "ssl-bump" and related options
>>>      from intercepting http_port 33128 (and use that intercepted port in the
>>>      same curl test)?
>>>
>>>      5. Does everything work when you use "ssl_bump splice all" instead of
>>>      your current ssl_bump rule? Same curl parameters as in Q4.
>>>
>>>      6. Does everything work when you use "ssl_bump peek all" instead of
>>>      your current ssl_bump rule? Same curl parameters as in Q4.
>>>
>>>
>>>      While going through the above list, top to bottom, if you find a test
>>>      that does _not_ work, pause: There is no need to proceed with other,
>>>      more complicated tests if an earlier simpler/basic test fails.
>>>
>>>
>>>      HTH,
>>>
>>>      Alex.
>>>
>>>
>>>       > I was thinking that maybe it's something with the OpenSSL version
>>>       > (3.x.x) on Fedora but then I installed both 5.9 and 6.10 on
>>>       > Almalinux 8 and the result is the same.
>>>       >
>>>       > I will describe my setup which might give some background.
>>>       > I have a very big lab...
>>>       > In the front of the Internet connection there are couple NGFW
>>>       > devices and RouterOS.
>>>       > Mikrotik RouterOS is the edge and all the others are used with
>>>       > PBR accordingly.
>>>       > The proxy sits in a different segment on the network and I have
>>>       > tried couple methods to intercept the traffic with squid.
>>>       > The only one which works with Squid and the existing equipment
>>>       > and do not cause some weird loop is ethernet level tunnel ie not:
>>>       > * GRE
>>>       > * IPIP
>>>       > And couple others.
>>>       >
>>>       > The only ones which works fine are:
>>>       > * EoIP (Mikrotik which is based on GRE)
>>>       > * VxLAN
>>>       >
>>>       > There are two methods to intercept the traffic:
>>>       > * PBR+DNAT on the squid box
>>>       > * PBR+TPROXY on the squid box
>>>       >
>>>       > Since the intercept method terminates the connection and creates
>>>       > a new one with the ip of the proxy it's very simple to even use gre
>>>       > and ipip.
>>>       > But, with tproxy to allow the traffic being identified currently
>>>       > as a packet which is not still in the routing stack we the linux OS
>>>       > need to tag it somehow.
>>>       > To do that the default "Salt" for the packet hash in the routing
>>>       > stack is the source and destination mac address.
>>>       > Due to this the only methods which are allowing to use tproxy are
>>>       > the above mentioned tunnels. (Maybe I will post a video on it later
>>>       > on with a demo)
>>>       >
>>>       > The Mikrotik RouterOS device re-routes the traffic from the LAN
>>>       > interface into the VxLAN interface directly to the proxy machine
>>>       > which has a static or dynamic route to the LAN subnet via the other
>>>       > side of the VxLAN tunnel which is the edge RouterOS device.
>>>       > I want to gather a set of configurations and tests for this
>>>       > configurations to verify what might cause this issue and if possible
>>>       > to resolve it.
>>>       > For me it seems that if my FortiGate and CheckPoint devices are
>>>       > able to intercept the traffic and "Bump" it, there is no reason why
>>>       > squid should be able to do that the same way.
>>>       >
>>>       > I will later on send you a private link to the pcaps in a zip
>>>       > file so you would be able to inspect this issue in the network level
>>>       > and to see if there is some details which can help us understand
>>>       > what cause this specific issue.
>>>       >
>>>       > I want to say that bumping works fine on non-intercepted
>>>       > connections and that I have tested the interception with the two
>>>       > available methods ie:
>>>       > * DNAT Redirect
>>>       > * Tproxy
>>>       >
>>>       > Thanks,
>>>       > Eliezer Croitoru
>>>       >
>>>       > -----Original Message-----
>>>       > From: Alex Rousskov <rousskov at measurement-factory.com>
>>>       > Sent: Monday, August 19, 2024 7:18 PM
>>>       > To: NgTech LTD <ngtech1ltd at gmail.com>
>>>       > Subject: Re: [squid-users] Squid 6.10 on Fedora 40 cannot
>>>       > intercept and bump SSL Traffic
>>>       >
>>>       > Eliezer, please move this thread back to squid-users mailing list
>>>       > instead of emailing me personally. When you do so, please clarify
>>>       > whether all 12 access.log records correspond to this single curl
>>>       > request (if not, please only share access.log record(s) that do
>>>       > correspond). --Alex.
>>>       >
>>>       > On 2024-08-19 12:03, NgTech LTD wrote:
>>>       >> This is the output of curl on windows 11 desktop:
>>>       >> C:\Users\USER>curl https://www.youtube.com/ -k -v -o 1.txt
>>>       >>     % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
>>>       >>                                    Dload  Upload   Total   Spent    Left  Speed
>>>       >>     0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
>>>       >> * Host www.youtube.com:443 was resolved.
>>>       >> * IPv6: 2a00:1450:4001:800::200e, 2a00:1450:4001:80e::200e,
>>>       >> 2a00:1450:4001:81c::200e, 2a00:1450:4001:809::200e
>>>       >> * IPv4: 142.250.185.78, 142.250.185.110, 142.250.185.142,
>>>       >> 142.250.186.174, 142.250.185.174, 142.250.184.238, 142.250.185.238,
>>>       >> 142.250.185.206, 142.250.181.238, 142.250.186.46, 142.250.186.78,
>>>       >> 172.217.16.142, 216.58.212.174, 216.58.206.46, 172.217.23.110,
>>>       >> 216.58.212.142
>>>       >> *   Trying 142.250.185.78:443...
>>>       >> * Connected to www.youtube.com (142.250.185.78) port 443
>>>       >> * schannel: disabled automatic use of client certificate
>>>       >> * ALPN: curl offers http/1.1
>>>       >> * ALPN: server accepted http/1.1
>>>       >> * using HTTP/1.x
>>>       >>   > GET / HTTP/1.1
>>>       >>   > Host: www.youtube.com
>>>       >>   > User-Agent: curl/8.8.0
>>>       >>   > Accept: */*
>>>       >>   >
>>>       >> * Request completely sent off
>>>       >> * schannel: remote party requests renegotiation
>>>       >> * schannel: renegotiating SSL/TLS connection
>>>       >> * schannel: SSL/TLS connection renegotiated
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> < HTTP/1.1 200 OK
>>>       >> < Content-Type: text/html; charset=utf-8
>>>       >> < X-Content-Type-Options: nosniff
>>>       >> < Cache-Control: no-cache, no-store, max-age=0, must-revalidate
>>>       >> < Pragma: no-cache
>>>       >> < Expires: Mon, 01 Jan 1990 00:00:00 GMT
>>>       >> < Date: Mon, 19 Aug 2024 16:02:23 GMT
>>>       >> < X-Frame-Options: SAMEORIGIN
>>>       >> < Strict-Transport-Security: max-age=31536000
>>>       >> < Origin-Trial:
>>>       >>
>>>      
>>>       >> < Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main"
>>>       >> < Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
>>>       >> < Content-Security-Policy: require-trusted-types-for 'script'
>>>       >> < Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
>>>       >> < P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
>>>       >> < Server: ESF
>>>       >> < X-XSS-Protection: 0
>>>       >> < Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Mon, 19-Aug-2024 16:32:23 GMT; Path=/; Secure; HttpOnly
>>>       >> < Set-Cookie: YSC=XYs_jViLkFw; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
>>>       >> < Set-Cookie: VISITOR_INFO1_LIVE=csMabhlNyrI; Domain=.youtube.com; Expires=Sat, 15-Feb-2025 16:02:23 GMT; Path=/; Secure; HttpOnly; SameSite=none
>>>       >> < Set-Cookie: VISITOR_PRIVACY_METADATA=CgJJTBIEGgAgVw%3D%3D; Domain=.youtube.com; Expires=Sat, 15-Feb-2025 16:02:23 GMT; Path=/; Secure; HttpOnly; SameSite=none
>>>       >> < Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
>>>       >> < Accept-Ranges: none
>>>       >> < Vary: Accept-Encoding
>>>       >> < Transfer-Encoding: chunked
>>>       >> <
>>>       >> { [3674 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [8008 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [6880 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [2752 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [5504 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [2462 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [4128 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [2752 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [2752 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [4128 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [2752 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [5504 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [5504 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [4128 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [5242 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [2752 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [2752 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [6922 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [2752 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [6880 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [20378 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [6880 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [5504 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [5504 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [3839 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [6880 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [9632 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [6880 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [2752 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [7994 bytes data]
>>>       >> 100  193k    0  193k    0     0   293k      0 --:--:-- --:--:-- --:--:--   294k
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [28937 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [8414 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [9632 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [5504 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [5504 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [7852 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [5504 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [17888 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [19016 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [15136 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [10760 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [6880 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [34152 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [28648 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [33026 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [14888 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [24768 bytes data]
>>>       >> * schannel: failed to decrypt data, need more data
>>>       >> { [12136 bytes data]
>>>       >> 100  498k    0  498k    0     0   665k      0 --:--:-- --:--:-- --:--:--   669k
>>>       >> * Connection #0 to host www.youtube.com left intact
>>>       >>
>>>       >> And the access.log:
>>>       >> 1724083303.298      0 192.168.78.15 NONE_NONE/000 0 - error:invalid-request - HIER_NONE/- - -
>>>       >> 1724083303.888    589 192.168.78.15 TCP_TUNNEL/200 529157 CONNECT 142.250.185.78:443 - ORIGINAL_DST/142.250.185.78 - -
>>>       >> 1724083307.305      0 192.168.78.15 NONE_NONE/000 0 - error:invalid-request - HIER_NONE/- - -
>>>       >> 1724083307.908    603 192.168.78.15 TCP_TUNNEL/200 530241 CONNECT 142.250.185.78:443 - ORIGINAL_DST/142.250.185.78 - -
>>>       >> 1724083311.615      0 192.168.78.15 NONE_NONE/000 0 - error:invalid-request - HIER_NONE/- - -
>>>       >> 1724083312.255    640 192.168.78.15 TCP_TUNNEL/200 528465 CONNECT 142.250.185.78:443 - ORIGINAL_DST/142.250.185.78 - -
>>>       >> 1724083316.666      0 192.168.78.15 NONE_NONE/000 0 - error:invalid-request - HIER_NONE/- - -
>>>       >> 1724083317.315    649 192.168.78.15 TCP_TUNNEL/200 529617 CONNECT 142.250.185.78:443 - ORIGINAL_DST/142.250.185.78 - -
>>>       >> 1724083342.731      0 192.168.78.15 NONE_NONE/000 0 - error:invalid-request - HIER_NONE/- - -
>>>       >> 1724083343.377    645 192.168.78.15 TCP_TUNNEL/200 528377 CONNECT 142.250.185.78:443 - ORIGINAL_DST/142.250.185.78 - -
>>>       >> 1724083378.565      0 192.168.78.15 NONE_NONE/000 0 - error:invalid-request - HIER_NONE/- - -
>>>       >> 1724083378.801      0 192.168.78.15 NONE_NONE/000 0 - error:invalid-request - HIER_NONE/- - -
>>>       >>
>>>       >>
>>>       >> ----
>>>       >> Eliezer Croitoru
>>>       >> Tech Support
>>>       >> Mobile: +972-5-28704261
>>>       >> Email: ngtech1ltd at gmail.com
>>>       >>
>>>       >>
>>>       >> On Mon, Aug 19, 2024 at 3:21 PM Alex Rousskov
>>>       >> <rousskov at measurement-factory.com> wrote:
>>>       >>
>>>       >>      On 2024-08-19 03:47, NgTech LTD wrote:
>>>       >>       > I am testing Squid 6.10 on Fedora 40 (their package).
>>>       >>       > And it seems that Squid is unable to bump clients (ESNI/ECH)?
>>>       >>       >
>>>       >>       > I had couple iterations of peek stare and bump and I am not
>>>       >>       > sure what is the reason for that:
>>>       >>
>>>       >>      What do you use as a client? Judging by the number of
>>>       >>      error:invalid-request entries in your access.log, that client
>>>       >>      may not be speaking HTTP/1 inside those CONNECT tunnels.
>>>       >>
>>>       >>      Does everything work for non-intercept ports?
>>>       >>
>>>       >>      Does everything work in a basic curl or wget test?
>>>       >>
>>>       >>      Does everything work when you remove "ssl-bump" and related
>>>       >>      options from intercepting http_port 33128?
>>>       >>
>>>       >>      Does everything work when you use "ssl_bump splice all"
>>>       >>      instead of your current ssl_bump rule?
>>>       >>
>>>       >>      Does everything work when you use "ssl_bump peek all"
>>>       >>      instead of your current ssl_bump rule?
>>>       >>
>>>       >>      Alex.
>>>       >>
>>>       >>
>>>       >>       > shutdown_lifetime 3 seconds
>>>       >>       > external_acl_type whitelist-lookup-helper ipv4 ttl=10 children-max=10 children-startup=2 \
>>>       >>       >          children-idle=2 concurrency=10 %URI %SRC /usr/local/bin/squid-conf-url-lookup.rb
>>>       >>       > acl whitelist-lookup external whitelist-lookup-helper
>>>       >>       > acl ytmethods method POST GET
>>>       >>       > acl localnet src 0.0.0.1-0.255.255.255  # RFC 1122 "this" network (LAN)
>>>       >>       > acl localnet src 10.0.0.0/8             # RFC 1918 local private network (LAN)
>>>       >>       > acl localnet src 100.64.0.0/10          # RFC 6598 shared address space (CGN)
>>>       >>       > acl localnet src 169.254.0.0/16         # RFC 3927 link-local (directly plugged) machines
>>>       >>       > acl localnet src 172.16.0.0/12          # RFC 1918 local private network (LAN)
>>>       >>       > acl localnet src 192.168.0.0/16         # RFC 1918 local private network (LAN)
>>>       >>       > acl localnet src fc00::/7               # RFC 4193 local private network range
>>>       >>       > acl localnet src fe80::/10              # RFC 4291 link-local (directly plugged) machines
>>>       >>       > acl SSL_ports port 443
>>>       >>       > acl Safe_ports port 80          # http
>>>       >>       > acl Safe_ports port 21          # ftp
>>>       >>       > acl Safe_ports port 443         # https
>>>       >>       > acl Safe_ports port 70          # gopher
>>>       >>       > acl Safe_ports port 210         # wais
>>>       >>       > acl Safe_ports port 1025-65535  # unregistered ports
>>>       >>       > acl Safe_ports port 280         # http-mgmt
>>>       >>       > acl Safe_ports port 488         # gss-http
>>>       >>       > acl Safe_ports port 591         # filemaker
>>>       >>       > acl Safe_ports port 777         # multiling http
>>>       >>       > http_access deny !Safe_ports
>>>       >>       > http_access deny CONNECT !SSL_ports
>>>       >>       > http_access allow localhost manager
>>>       >>       > http_access deny manager
>>>       >>       > http_access allow localhost
>>>       >>       > http_access deny to_localhost
>>>       >>       > http_access deny to_linklocal
>>>       >>       > acl tubedoms dstdomain .ytimg.com .youtube.com .youtu.be
>>>       >>       > http_access allow ytmethods localnet tubedoms whitelist-lookup
>>>       >>       > http_access allow localnet
>>>       >>       > http_access deny all
>>>       >>       > http_port 3128
>>>       >>       > http_port 13128 ssl-bump tls-cert=/etc/squid/ssl/cert.pem tls-key=/etc/squid/ssl/key.pem \
>>>       >>       >          generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
>>>       >>       > http_port 23128 tproxy ssl-bump tls-cert=/etc/squid/ssl/cert.pem tls-key=/etc/squid/ssl/key.pem \
>>>       >>       >          generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
>>>       >>       > http_port 33128 intercept ssl-bump tls-cert=/etc/squid/ssl/cert.pem tls-key=/etc/squid/ssl/key.pem \
>>>       >>       >          generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
>>>       >>       > sslcrtd_program /usr/lib64/squid/security_file_certgen -s /var/spool/squid/ssl_db -M 4MB
>>>       >>       > sslcrtd_children 5
>>>       >>       > acl foreignProtocol squid_error ERR_PROTOCOL_UNKNOWN ERR_TOO_BIG
>>>       >>       > acl serverTalksFirstProtocol squid_error ERR_REQUEST_START_TIMEOUT
>>>       >>       > on_unsupported_protocol tunnel foreignProtocol
>>>       >>       > on_unsupported_protocol tunnel serverTalksFirstProtocol
>>>       >>       > on_unsupported_protocol respond all
>>>       >>       > acl monitoredSites ssl::server_name .youtube.com .ytimg.com
>>>       >>       > acl monitoredSitesRegex ssl::server_name_regex \.youtube\.com \.ytimg\.com
>>>       >>       > acl serverIsBank ssl::server_name .visa.com
>>>       >>       > acl step1 at_step SslBump1
>>>       >>       > acl step2 at_step SslBump2
>>>       >>       > acl step3 at_step SslBump3
>>>       >>       > ssl_bump bump all
>>>       >>       > strip_query_terms off
>>>       >>       > coredump_dir /var/spool/squid
>>>       >>       > refresh_pattern ^ftp:           1440    20%     10080
>>>       >>       > refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
>>>       >>       > refresh_pattern .               0       20%     4320
>>>       >>       > logformat ssl_custom_format %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt %ssl::>sni
>>>       >>       > access_log daemon:/var/log/squid/access.log ssl_custom_format
>>>       >>       > ##EOF
>>>       >>       >
>>>       >>       > access.log from before:
>>>       >>       > 1724028804.797    486 192.168.78.15 TCP_TUNNEL/200 17764 CONNECT
>>>       >>       > 40.126.31.73:443 - ORIGINAL_DST/40.126.31.73 - -
>>>       >>       > 1724028805.413      0 192.168.78.15 NONE_NONE/000 0 -
>>>       >>       > error:invalid-request - HIER_NONE/- - -
>>>       >>       > 1724028806.028      0 192.168.78.15 NONE_NONE/000 0 -
>>>       >>       > error:invalid-request - HIER_NONE/- - -
>>>       >>       > 1724028806.028      0 192.168.78.15 NONE_NONE/000 0 -
>>>       >>       > error:invalid-request - HIER_NONE/- - -
>>>       >>       > 1724028806.029      0 192.168.78.15 NONE_NONE/000 0 -
>>>       >>       > error:invalid-request - HIER_NONE/- - -
>>>       >>       > 1724028806.030      0 192.168.78.15 NONE_NONE/000 0 -
>>>       >>       > error:invalid-request - HIER_NONE/- - -
>>>       >>       > 1724028806.085     57 192.168.78.15 TCP_TUNNEL/200 4513 CONNECT
>>>       >>       > 104.18.72.113:443 - ORIGINAL_DST/104.18.72.113 - -
>>>       >>       > 1724028806.086     56 192.168.78.15 TCP_TUNNEL/200 4513 CONNECT
>>>       >>       > 104.18.72.113:443 - ORIGINAL_DST/104.18.72.113 - -
>>>       >>       > 1724028806.086     56 192.168.78.15 TCP_TUNNEL/200 4512 CONNECT
>>>       >>       > 104.18.72.113:443 - ORIGINAL_DST/104.18.72.113 - -
>>>       >>       > 1724028806.208      0 192.168.78.15 NONE_NONE/000 0 -
>>>       >>       > error:invalid-request - HIER_NONE/- - -
>>>       >>       > 1724028806.213      0 192.168.78.15 NONE_NONE/000 0 -
>>>       >>       > error:invalid-request - HIER_NONE/- - -
>>>       >>       > 1724028806.338      0 192.168.78.15 NONE_NONE/000 0 -
>>>       >>       > error:invalid-request - HIER_NONE/- - -
>>>       >>       > 1724028806.469      0 192.168.78.15 NONE_NONE/000 0 -
>>>       >>       > error:invalid-request - HIER_NONE/- - -
>>>       >>       > 1724028806.596      0 192.168.78.15 NONE_NONE/000 0 -
>>>       >>       > error:invalid-request - HIER_NONE/- - -
>>>       >>       > 1724028807.006      0 192.168.78.15 NONE_NONE/000 0 -
>>>       >>       > error:invalid-request - HIER_NONE/- - -
>>>       >>       > 1724028807.262      0 192.168.78.15 NONE_NONE/000 0 -
>>>       >>       > error:invalid-request - HIER_NONE/- - -
>>>       >>       > 1724028808.922   5037 192.168.78.15 TCP_TUNNEL/200 6096 CONNECT
>>>       >>       > 13.107.246.60:443 - ORIGINAL_DST/13.107.246.60 - -
>>>       >>       > 1724028812.906   8336 192.168.78.15 TCP_TUNNEL/200 1071500 CONNECT
>>>       >>       > 104.126.37.171:443 - ORIGINAL_DST/104.126.37.171 - -
>>>       >>       > 1724028819.209 247893 192.168.78.15 TCP_TUNNEL/200 4023 CONNECT
>>>       >>       > 142.250.186.34:443 - ORIGINAL_DST/142.250.186.34 - -
>>>       >>       > 1724028820.097 250033 192.168.78.15 TCP_TUNNEL/200 549611 CONNECT
>>>       >>       > 142.250.184.246:443 - ORIGINAL_DST/142.250.184.246 - -
>>>       >>       > 1724028820.154 246850 192.168.78.15 TCP_TUNNEL/200 15119 CONNECT
>>>       >>       > 216.58.206.65:443 - ORIGINAL_DST/216.58.206.65 - -
>>>       >>       > 1724028820.164 246856 192.168.78.15 TCP_TUNNEL/200 3037 CONNECT
>>>       >>       > 142.250.181.227:443 - ORIGINAL_DST/142.250.181.227 - -
>>>       >>       > 1724028820.203 246893 192.168.78.15 TCP_TUNNEL/200 3031 CONNECT
>>>       >>       > 172.217.16.196:443 - ORIGINAL_DST/172.217.16.196 - -
>>>       >>       > 1724028822.656 271833 192.168.78.15 TCP_TUNNEL/200 387583 CONNECT
>>>       >>       > 142.250.185.238:443 - ORIGINAL_DST/142.250.185.238 - -
>>>       >>       > 1724028830.336      0 192.168.78.15 NONE_NONE/000 0 -
>>>       >>       > error:invalid-request - HIER_NONE/- - -
>>>       >>       > 1724028830.781    444 192.168.78.15 TCP_TUNNEL/200 18505 CONNECT
>>>       >>       > 40.126.31.73:443 - ORIGINAL_DST/40.126.31.73 - -
>>>       >>       > 1724028841.781 155018 192.168.78.15 TCP_TUNNEL/200 15960 CONNECT
>>>       >>       > 13.107.6.158:443 - ORIGINAL_DST/13.107.6.158 - -
>>>       >>       > 1724028849.443      0 192.168.78.15 NONE_NONE/000 0 -
>>>       >>       > error:invalid-request - HIER_NONE/- - -
>>>       >>       > 1724028849.698      0 192.168.78.15 NONE_NONE/000 0 -
>>>       >>       > error:invalid-request - HIER_NONE/- - -
>>>       >>       > 1724028865.261      0 192.168.78.15 NONE_NONE/000 0 -
>>>       >>       > error:invalid-request - HIER_NONE/- - -
>>>       >>       > 1724028865.779    517 192.168.78.15 TCP_TUNNEL/200 18557 CONNECT
>>>       >>       > 40.126.31.73:443 - ORIGINAL_DST/40.126.31.73 - -
>>>       >>       > 1724028870.718 109994 192.168.78.15 TCP_TUNNEL/200 6972 CONNECT
>>>       >>       > 20.42.65.94:443 - ORIGINAL_DST/20.42.65.94 - -
>>>       >>       > 1724028871.179  64583 192.168.78.15 TCP_TUNNEL/200 1903 CONNECT
>>>       >>       > 104.18.10.207:443 - ORIGINAL_DST/104.18.10.207 - -
>>>       >>       > 1724028871.179  63917 192.168.78.15 TCP_TUNNEL/200 2430 CONNECT
>>>       >>       > 142.250.186.99:443 - ORIGINAL_DST/142.250.186.99 - -
>>>       >>       > 1724028871.179  64709 192.168.78.15 TCP_TUNNEL/200 2439 CONNECT
>>>       >>       > 142.250.185.170:443 - ORIGINAL_DST/142.250.185.170 - -
>>>       >>       > 1724028871.308      0 192.168.78.15 NONE_NONE/000 0 -
>>>       >>       > error:invalid-request - HIER_NONE/- - -
>>>       >>       > 1724028871.731    422 192.168.78.15 TCP_TUNNEL/200 17789 CONNECT
>>>       >>       > 40.126.31.73:443 - ORIGINAL_DST/40.126.31.73 - -
>>>       >>       > 1724028872.486      0 192.168.78.15 NONE_NONE/000 0 -
>>>       >>       > error:invalid-request - HIER_NONE/- - -
>>>       >>       > 1724028873.477      0 192.168.78.15 NONE_NONE/000 0 -
>>>       >>       > error:invalid-request - HIER_NONE/- - -
>>>       >>       > 1724028873.745      0 192.168.78.15 NONE_NONE/000 0 -
>>>       >>       > error:invalid-request - HIER_NONE/- - -
>>>       >>       > 1724028873.902    424 192.168.78.15 TCP_TUNNEL/200 18520 CONNECT
>>>       >>       > 40.126.31.73:443 - ORIGINAL_DST/40.126.31.73 - -
>>>       >>       > 1724028877.056      0 192.168.78.15 NONE_NONE/000 0 -
>>>       >>       > error:invalid-request - HIER_NONE/- - -
>>>       >>       > 1724028877.060      0 192.168.78.15 NONE_NONE/000 0 -
>>>       >>       > error:invalid-request - HIER_NONE/- - -
>>>       >>       > 1724028877.060      0 192.168.78.15 NONE_NONE/000 0 -
>>>       >>       > error:invalid-request - HIER_NONE/- - -
>>>       >>       > 1724028877.060      0 192.168.78.15 NONE_NONE/000 0 -
>>>       >>       > error:invalid-request - HIER_NONE/- - -
>>>       >>       > 1724028877.430 312389 192.168.78.15 TCP_TUNNEL/200 7884 CONNECT
>>>       >>       > 142.250.186.78:443 - ORIGINAL_DST/142.250.186.78 - -
>>>       >>       > 1724028878.800      0 192.168.78.15 NONE_NONE/000 0 -
>>>       >>       > error:invalid-request - HIER_NONE/- - -
>>>       >>       > 1724028878.920      0 192.168.78.15 NONE_NONE/000 0 -
>>>       >>       > error:invalid-request - HIER_NONE/- - -
>>>       >>       > 1724028879.072      0 192.168.78.15 NONE_NONE/000 0 -
>>>       >>       > error:invalid-request - HIER_NONE/- - -
>>>       >>       > 1724028880.808   7062 192.168.78.15 TCP_TUNNEL/200 836391 CONNECT
>>>       >>       > 104.126.37.145:443 - ORIGINAL_DST/104.126.37.145 - -
>>>       >>       > 1724028882.468  33024 192.168.78.15 TCP_TUNNEL/200 1488697 CONNECT
>>>       >>       > 49.12.59.2:443 - ORIGINAL_DST/49.12.59.2 - -
>>>       >>       > 1724028883.728   6671 192.168.78.15 TCP_TUNNEL/200 69351 CONNECT
>>>       >>       > 52.216.185.251:443 - ORIGINAL_DST/52.216.185.251 - -
>>>       >>       > 1724028883.789   6728 192.168.78.15 TCP_TUNNEL/200 69216 CONNECT
>>>       >>       > 52.216.185.251:443 - ORIGINAL_DST/52.216.185.251 - -
>>>       >>       > 1724028883.797   6736 192.168.78.15 TCP_TUNNEL/200 104657 CONNECT
>>>       >>       > 52.216.185.251:443 - ORIGINAL_DST/52.216.185.251 - -
>>>       >>       > 1724028883.845   6784 192.168.78.15 TCP_TUNNEL/200 80277 CONNECT
>>>       >>       > 52.216.185.251:443 - ORIGINAL_DST/52.216.185.251 - -
>>>       >>       > 1724028884.460 170355 192.168.78.15 TCP_TUNNEL/200 44690 CONNECT
>>>       >>       > 185.199.108.153:443 - ORIGINAL_DST/185.199.108.153 - -
>>>       >>       > 1724028889.845 120370 192.168.78.15 TCP_TUNNEL/200 5868 CONNECT
>>>       >>       > 104.126.37.161:443 - ORIGINAL_DST/104.126.37.161 - -
>>>       >>       > 1724028890.011 122862 192.168.78.15 TCP_TUNNEL/200 136726 CONNECT
>>>       >>       > 23.37.37.211:443 - ORIGINAL_DST/23.37.37.211 - -
>>>       >>       > 1724028890.297 120381 192.168.78.15 TCP_TUNNEL/200 9176 CONNECT
>>>       >>       > 2.18.140.238:443 - ORIGINAL_DST/2.18.140.238 - -
>>>       >>       > 1724028891.212      0 192.168.78.15 NONE_NONE/000 0 -
>>>       >>       > error:invalid-request - HIER_NONE/- - -
>>>       >>       > 1724028891.365    152 192.168.78.15 TCP_TUNNEL/200 2359 CONNECT
>>>       >>       > 142.250.185.138:443 - ORIGINAL_DST/142.250.185.138 - -
>>>       >>       > 1724028893.885  90253 192.168.78.15 TCP_TUNNEL/200 6374 CONNECT
>>>       >>       > 13.107.246.60:443 - ORIGINAL_DST/13.107.246.60 - -
>>>       >>       > 1724028900.169      0 192.168.78.15 NONE_NONE/000 0 -
>>>       >>       > error:invalid-request - HIER_NONE/- - -
>>>       >>       > 1724028934.465 900262 192.168.78.15 TCP_TUNNEL/200 5530 CONNECT
>>>       >>       > 52.123.243.197:443 - ORIGINAL_DST/52.123.243.197 - -
>>>       >>       > 1724028960.494  60324 192.168.78.15 TCP_TUNNEL/503 0 CONNECT
>>>       >>       > 172.217.16.206:443 - ORIGINAL_DST/172.217.16.206 - -
>>>       >>       > 1724028960.494      0 192.168.78.15 NONE_NONE/000 0 -
>>>       >>       > error:transaction-end-before-headers - HIER_NONE/- - -
>>>       >>       >
>>>       >>       > Thanks for any help,
>>>       >>       >
>>>       >>       >
>>>       >>       > ----
>>>       >>       > Eliezer Croitoru
>>>       >>       > Tech Support
>>>       >>       > Mobile: +972-5-28704261
>>>       >>       > Email: ngtech1ltd at gmail.com
> 
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users


