Sorry I'm a bit thick So I've read SSL::server_name_regex which uses sni is better than dstdomain_regex
So I think I'm better of using the sni one then ? On Fri, 20 May 2022, 12:20 Matus UHLAR - fantomas, <uh...@fantomas.sk> wrote: > On 20.05.22 11:21, robert k Wild wrote: > >So for SSL inspection, for squid to look into the URl headers, what's the > >better one > > > >Server name or > > > >DST domain > > I thought I have explained it: > dstdom_regex is from the request, not from the SSL data. > > >On Fri, 20 May 2022, 11:12 Matus UHLAR - fantomas, <uh...@fantomas.sk> > >wrote: > > > >> On 19.05.22 19:29, robert k Wild wrote: > >> >Think I found it but, what the difference between these two > >> > > >> >acl aclname ssl::server_name_regex [-i] \.foo\.com ... > >> > >> this one is taken from SNI option when squid looks at SSL handshake > >> parameters. > >> > >> >acl aclname dstdom_regex [-n] [-i] \.foo\.com ... > >> > >> this one is the one provided in clients' request, where SSL requests > >> usually > >> look like: > >> > >> CONNECT www.google.com:443 HTTP/1.0 > > -- > Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > Posli tento mail 100 svojim znamim - nech vidia aky si idiot > Send this email to 100 your friends - let them see what an idiot you are > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
