On 28/06/17 03:46, Cherukuri, Naresh wrote:
Hi,

Thank you for the quick turnover. As per your request I changed the squid config like below; I am still going to www.google.com

acl CONNECT method CONNECT

acl sslconnect dstdomain -i https://www.google.com

acl GoogleRecaptcha url_regex ^https://www.google.com/recaptcha/$

http_access allow CONNECT sslconnect


Er. That will never work.

* Firstly because "https://..." are not valid dstdomain values.

* Secondly because the CONNECT message uses an authority-form URL structure, not an absolute-form URL.

Your Squid will simply not see the https:// URL unless you are decrypting the TLS tunnel inside the CONNECT payload. That means SSL-Bump functionality is mandatory for what you are attempting to do.

Also, be aware that Google services are using HSTS and certificate pinning. So SSL-Bump is much more likely not to work for their URLs.

Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
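
Added example, not part of the original thread and not Squid code: a simplified model of what a proxy can read from an authority-form CONNECT request line compared with a decrypted https:// URL, checked against the ACL values quoted above. The request lines are constructed samples, and the exact-host comparison standing in for dstdomain is an assumption of this sketch.

```python
import re
from urllib.parse import urlsplit

# url_regex pattern copied from the quoted configuration.
RECAPTCHA_RE = re.compile(r"^https://www.google.com/recaptcha/$")

# Constructed sample request lines.
CONNECT_LINE = "CONNECT www.google.com:443 HTTP/1.1"                # what arrives without decryption
DECRYPTED_LINE = "GET https://www.google.com/recaptcha/ HTTP/1.1"   # URL only known after decrypting the tunnel

def request_target_form(request_line):
    """Classify the request-target of an HTTP/1.1 request line."""
    method, target, _version = request_line.split()
    if method == "CONNECT":
        return "authority-form"      # host:port only
    if target == "*":
        return "asterisk-form"
    if target.startswith("/"):
        return "origin-form"
    return "absolute-form"           # scheme://host/path

def visible_to_proxy(request_line):
    """Return the fields a proxy can read from the request line alone."""
    _method, target, _version = request_line.split()
    form = request_target_form(request_line)
    if form == "authority-form":
        host, _, port = target.rpartition(":")
        # No scheme and no path exist in a CONNECT target.
        return {"form": form, "host": host.lower(), "port": int(port),
                "scheme": None, "path": None}
    parts = urlsplit(target)
    return {"form": form, "host": (parts.hostname or "").lower(),
            "port": parts.port, "scheme": parts.scheme or None,
            "path": parts.path or None}

def evaluate(request_line):
    """Check the quoted ACL values against what is visible (simplified matching)."""
    seen = visible_to_proxy(request_line)
    target = request_line.split()[1]
    return {
        # Value as written in the quoted config: a URL, so it never equals a host name.
        "dstdomain https://www.google.com": seen["host"] == "https://www.google.com",
        # A bare domain name is what the host field can actually equal.
        "dstdomain www.google.com": seen["host"] == "www.google.com",
        # The regex needs scheme and path, which a CONNECT target does not carry.
        "url_regex recaptcha": bool(RECAPTCHA_RE.search(target)),
    }

if __name__ == "__main__":
    for line in (CONNECT_LINE, DECRYPTED_LINE):
        print(line, visible_to_proxy(line), evaluate(line), sep="\n  ")
```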
