[squid-users] Google recaptcha use

Dsant fab at votreservice.com
Tue Feb 20 15:41:47 UTC 2024

Previous message (by thread): [squid-users] Google recaptcha use
Next message (by thread): [squid-users] ICAP response to avoid backend
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Solved !

I had to add more than only google.com/recaptcha/ ...

So do : tail -f /var/log/squid/access.log

I had to add (not all mandatory) : .ireby.fr .mozilla.org 
.callnowbutton.com .googleapis.com .consentmanager.net 
.googletagmanager.com .gstatic.com

Thanks a lot.

Dsant from France


On 2/20/24 09:40, Stephen Borrill wrote:
> On 20/02/2024 08:06, Dsant wrote:
>> Hello, I set up a squid proxy, I want to allow some sites, Google 
>> recaptcha and block everything else.
>>
>> acl mydest dstdomain .projet-voltaire.fr
>> http_access allow mydest
>> acl  google_recaptcha url_regex ^www.google.com/recaptcha/$
>> http_access allow google_recaptcha
>> http_access deny all
>>
>> The captcha is not showing. A syntax error ?
>
> www.google.com is an HTTPS site. This means that from the point of 
> view of the proxy, only the hostname is visible (i.e. www.google.com) 
> and so your regex can never match. Look in your logs, you will see:
>
> CONNECT www.google.com
>
> and not:
>
> GET http://www.google.com/recaptcha/
>
> The only way round this is to use ssl_bump to intercept and decrypt 
> the traffic so that the HTTP request is visible. This is, however, not 
> for the faint-hearted and will require a CA certificate to be 
> installed on each client machine.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20240220/81a73297/attachment.htm>

Previous message (by thread): [squid-users] Google recaptcha use
Next message (by thread): [squid-users] ICAP response to avoid backend
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the squid-users mailing list