no problem Eliezer im just doing few test of my own on this to see why
On Tue, 2 Aug 2022 at 16:41, <ngtech1...@gmail.com> wrote: > Hey Robert, > > > > It’s not a dumb question. > > It’s a really fine question. > > I want to answer to your question but I have couple obligations. > > If you are willing to wait couple days I will probably be much free and > will be able to sit and understand what the answer and then to answer > properly. > > > > For a great question deserves a great answer. > > > > Yours, > > Eliezer > > > > ---- > > Eliezer Croitoru > > NgTech, Tech Support > > Mobile: +972-5-28704261 > > Email: ngtech1...@gmail.com > > Web: https://ngtech.co.il/ > > My-Tube: https://tube.ngtech.co.il/ > > > > *From:* robert k Wild <robertkw...@gmail.com> > *Sent:* Tuesday, 2 August 2022 18:24 > *To:* Eliezer Croitoru <ngtech1...@gmail.com> > *Cc:* Squid Users <squid-users@lists.squid-cache.org> > *Subject:* Re: [squid-users] regex for normal websites > > > > mmm... so i just want to know and really sorry for the dumb question, so > > > > adobe\.com$ > > > > works but then again if a website was eg > > > > hackadobe\.com$ > > > > that would work as well probably, so i want to do something like this > > > > \.adobe\.com$ > > > > ie put a dot . infront of adobe so > > > > www.adobe.com or > > account.adobe.com > > > > would work but then > > > > hackadobe\.com$ > > > > would no longer work > > > > > > > > > > On Tue, 2 Aug 2022 at 15:27, <ngtech1...@gmail.com> wrote: > > Hey Robert, > > > > I will test this with latest squid and my Apps helper and will verify. > > > > Thanks, > > Eliezer > > > > ---- > > Eliezer Croitoru > > NgTech, Tech Support > > Mobile: +972-5-28704261 > > Email: ngtech1...@gmail.com > > Web: https://ngtech.co.il/ > > My-Tube: https://tube.ngtech.co.il/ > > > > *From:* robert k Wild <robertkw...@gmail.com> > *Sent:* Tuesday, 2 August 2022 15:15 > *To:* Eliezer Croitoru <ngtech1...@gmail.com> > *Cc:* Squid Users <squid-users@lists.squid-cache.org> > *Subject:* Re: [squid-users] regex for normal websites > > > > ok i have tested and this works > > > > adobe\.com$ > > > > i found it weird this didnt work > > > > \.adobe\.com > > > > just curious thats all > > > > On Tue, 2 Aug 2022 at 13:05, <ngtech1...@gmail.com> wrote: > > I believe it should have been: > > ^adobe\.com$ > > ^.*\.adobe\.com$ > > ^\*\.adobe\.com$ > > > > But I don’t know the code to this depth. > > If I would have written the match I think it would have been something a > bit different. > > - A match for SNI > - A joker match for SAN ie *.adobe.com SAN should catch both > www.www.adobe.com > > > > But for some reason it’s not like that, I assume the browsers and the > libraries doesn’t implement it for an unknown reason. > > > > If Alex or anyone else from Factory knows the details of the ACL they can > answer more then me. > > > > Thanks, > > Eliezer > > > > ---- > > Eliezer Croitoru > > NgTech, Tech Support > > Mobile: +972-5-28704261 > > Email: ngtech1...@gmail.com > > Web: https://ngtech.co.il/ > > My-Tube: https://tube.ngtech.co.il/ > > > > *From:* robert k Wild <robertkw...@gmail.com> > *Sent:* Tuesday, 2 August 2022 14:51 > *To:* Eliezer Croitoru <ngtech1...@gmail.com> > *Cc:* Squid Users <squid-users@lists.squid-cache.org> > *Subject:* Re: [squid-users] regex for normal websites > > > > thanks Eliezer > > > > so it should be > > > > adobe\.com > > > > not > > > > .adobe.\com or > > > > ^.*adobe.com > > > > as the ^.* could include > > > > blahadobe.com > > > > > > > > On Thu, 28 Jul 2022 at 08:14, <ngtech1...@gmail.com> wrote: > > Hey Robert, > > > > The docs at http://www.squid-cache.org/Doc/config/acl/ states: > > > > acl aclname ssl::server_name_regex [-i] \.foo\.com ... > > # regex matches server name obtained from various sources [fast] > > > > Which and I do not know exactly what it means but it will not work with a > helper in most cases. > > I have found the in the git the next sources: > > > https://github.com/squid-cache/squid/blob/bf95c10aa95bf8e56d9d8d1545cb5a3aafab0d2c/doc/release-notes/release-3.5.sgml#L414 > > > > New types ssl::server_name and ssl::server_name_regex > > to match server name from various sources (CONNECT > authority name, > > TLS SNI domain, or X.509 certificate Subject Name). > > > > Which means that there is a set of checks which the acl does and not just > a domain name. > > It’s also even possible that the domain name is not know in the CONNECT > state of the connection. > > If I remember correctly there is a possibility for browsers to use the > same exact connection for multiple domains but > I have not seen this yet in production. > > With Squid once you bump the connection to HTTP/1.x you can make 100% sure > the features of the Host header request. > > > > At Servername.cc ie: > > > https://github.com/squid-cache/squid/blob/aee3523a768aff4d1e6c1195c4a401b4ef5688a0/src/acl/ServerName.cc#L81 > > > > There is a specific logic of what is done and what is matched but I am not > sure what would be used in the case of: > > *.adobe.com > > > > Certificate SAN. > > > > Specifically This part of the Common Names ie SAN: > > > https://github.com/squid-cache/squid/blob/aee3523a768aff4d1e6c1195c4a401b4ef5688a0/src/acl/ServerName.cc#L105 > > > > which to my understanding points to: > > > https://github.com/squid-cache/squid/blob/d146da3bfe7083381ae7ab38640cbfd0d2542374/src/ssl/support.cc#L195 > > > > doesn’t make any sense to me.( didn’t tried that much to understand) > > > > If someone might be able to make sense of things in a synchronic fashion > it would help. > > (I do not see any debugs usage there or any helping comment ) > > > > Thanks, > > Eliezer > > > > ---- > > Eliezer Croitoru > > NgTech, Tech Support > > Mobile: +972-5-28704261 > > Email: ngtech1...@gmail.com > > Web: https://ngtech.co.il/ > > My-Tube: https://tube.ngtech.co.il/ > > > > *From:* squid-users <squid-users-boun...@lists.squid-cache.org> *On > Behalf Of *robert k Wild > *Sent:* Wednesday, 27 July 2022 13:52 > *To:* Squid Users <squid-users@lists.squid-cache.org> > *Subject:* Re: [squid-users] regex for normal websites > > > > that's the weird thing, when i try this in "ssl::server_name_regex" > > .adobe.com > > > > it doesnt work > > > > you mean escape ie the \ character > > > > > > > > > > > > On Wed, 27 Jul 2022 at 11:05, Matus UHLAR - fantomas <uh...@fantomas.sk> > wrote: > > On 27.07.22 10:54, robert k Wild wrote: > >think i got it right but just want to double check with you guys > > > >so in my "ssl::server_name" i had > >.adobe.com > > > >that worked but i want to mix normal website and regex websites together > so > >i just have one list for all > > didn't the above work? AFAIK it should, IIRC domain matching in squid > matches "domain.com" if you check for ".domain.com". > > >i now have this for "ssl::server_name_regex" > >^.*adobe.com$ > > > >it works, so im guessing its right > > the dot should be escaped > > > -- > Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > BSE = Mad Cow Desease ... BSA = Mad Software Producents Desease > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > > > > > -- > > Regards, > > Robert K Wild. > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > > > > -- > > Regards, > > Robert K Wild. > > > > > -- > > Regards, > > Robert K Wild. > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > > > > > -- > > Regards, > > Robert K Wild. > -- Regards, Robert K Wild.
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
