Re: [squid-users] Squid 3.5.19 how to find banking server name for no bump

2016-07-10 Thread Stanford Prescott
Thank you for that. I do already have a method set up via my squid proxy UI
to allow clients to bypass the squid proxy via iptables rules if they need
to.

On Wed, Jun 29, 2016 at 2:57 AM, Eliezer Croitoru 
wrote:

> Hey,
>
>
>
> I have seen that you are using squid in intercept mode either on Linux or
> some BSD.
>
> If there is a site\server that you don't want to enter squid at all you
> will need to bypass it in the FW\IPTABLES level.
>
> In Linux you would be able to use some ipset list that will be bypassed
> from being intercepted.
>
> If you are interested reply and I will try to give you an example how to
> use it.
>
>
>
> Eliezer

Re: [squid-users] Squid 3.5.19 how to find banking server name for no bump

2016-06-29 Thread Eliezer Croitoru
Hey,

 

I have seen that you are using squid in intercept mode either on Linux or some 
BSD.

If there is a site\server that you don't want to enter squid at all you will 
need to bypass it in the FW\IPTABLES level.

In Linux you would be able to use some ipset list that will be bypassed from 
being intercepted.

If you are interested reply and I will try to give you an example how to use it.

 

Eliezer

 



 <http://ngtech.co.il/lmgtfy/> Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il



 


Re: [squid-users] Squid 3.5.19 how to find banking server name for no bump

2016-06-28 Thread Amos Jeffries
On 29/06/2016 11:47 a.m., Stanford Prescott wrote:
> When I enter .wellsfargo.com in
> 
> acl tls_s1_connect at_step SslBump1
> acl tls_s2_client_hello at_step SslBump2
> acl tls_s3_server_hello at_step SslBump3
> 
> acl tls_server_name_is_ip ssl::server_name_regex ^[0-9]+.[0-9]+.[0-9]+.[0-9]+n
> acl tls_allowed_hsts ssl::server_name .akamaihd.net
> acl tls_server_is_bank ssl::server_name .wellsfargo.com
> acl tls_to_splice any-of tls_allowed_hsts tls_server_is_bank
> 
> ssl_bump peek tls_s1_connect all
> ssl_bump splice tls_s2_client_hello tls_to_splice
> ssl_bump stare tls_s2_client_hello all
> ssl_bump bump tls_s3_server_hello all
> 
> 
> it appears that the banking site is still getting bumped i.e. like in this
> access.log snippet
> 

Most of the log entries have a) a raw-IP and no SNI, b) a non-wellsfargo
domain name [Google advertising].

All uses of CONNECT *.wellsfargo.com I have spotted in there also have a
"TCP_TUNNEL" tag - which means splice was done in accordance with your
above config.


For example; To follow one client:

Initial raw-TCP connection handling (TAG_NONE). No SNI available yet ...

> 1467156900.838   5423 10.40.40.100 TAG_NONE/200 0 CONNECT 159.45.170.145:443 - HIER_NONE/- -

... begin step-1 processing ...

[ Matches: ssl_bump peek tls_s1_connect all ]

[ Note that the wellsfargo ACL is not even reached at this stage. ]
[ If it did the string "159.45.170.145" != "*.wellsfargo.com" anyway ]

... which says to get the clientHello and SNI (if any) ...


> 1467156900.838   5088 10.40.40.100 TCP_TUNNEL/200 4631 CONNECT www.wellsfargo.com:443 - ORIGINAL_DST/159.45.170.145 -

... begin step 2 processing. SNI available ...

[ The string "www.wellsfargo.com" ~= "*.wellsfargo.com" ]
[ Matches: ssl_bump splice tls_s2_client_hello tls_to_splice ]

... connection spliced (TCP_TUNNEL).

> 
> If I disable sslbumping then the bank site does not get bumped, of course.
> 
> 1467157349.321230 10.40.40.100 TCP_MISS/301 243 GET
> http://wellsfargo.com/ - ORIGINAL_DST/159.45.66.143 -
> 

That is http://, not HTTPS. ssl_bump has no relevance for plain-text
traffic.
The same thing would be done for that request regardless of what your
ssl_bump settings are.

Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
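
The reading of access.log given in the reply above (TAG_NONE for the intercepted connection, TCP_TUNNEL once the SNI matched and the connection was spliced, a full https:// URL only when the connection was bumped) can be automated to audit a no-bump list. This is an added example, not code from the thread or from the Squid project; the function names are hypothetical and the sample lines are assembled from entries quoted in the thread, with one URL shortened.

```python
import ipaddress
from urllib.parse import urlsplit

# Sample in Squid's native access.log format, assembled for this example from
# entries quoted in the thread (the doubleclick URL is shortened).
SAMPLE_LOG = """\
1467156900.838   5423 10.40.40.100 TAG_NONE/200 0 CONNECT 159.45.170.145:443 - HIER_NONE/- -
1467156900.838   5088 10.40.40.100 TCP_TUNNEL/200 4631 CONNECT www.wellsfargo.com:443 - ORIGINAL_DST/159.45.170.145 -
1467156895.488     72 10.40.40.100 TAG_NONE/200 0 CONNECT 216.58.194.98:443 - ORIGINAL_DST/216.58.194.98 -
1467156895.648     66 10.40.40.100 TCP_MISS/302 739 GET https://googleads.g.doubleclick.net/pagead/ - ORIGINAL_DST/216.58.194.98 image/gif
1467157349.321    230 10.40.40.100 TCP_MISS/301 243 GET http://wellsfargo.com/ - ORIGINAL_DST/159.45.66.143 -
"""


def in_domain(host, pattern):
    """Match like '.wellsfargo.com': the domain itself and any subdomain."""
    base = pattern.lstrip(".").lower()
    host = host.lower()
    return host == base or host.endswith("." + base)


def is_ip(host):
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def classify(line):
    """Return (host, verdict) for one access.log line, or None if unparsable."""
    fields = line.split()
    if len(fields) < 10:
        return None
    tag, method, target = fields[3].split("/")[0], fields[5], fields[6]
    if method == "CONNECT":
        host = target.rsplit(":", 1)[0]
        if tag == "TCP_TUNNEL":
            return host, "spliced"  # tunnelled without decryption
        # TAG_NONE CONNECT: the intercepted connection itself, decision not shown
        return host, "connect-ip" if is_ip(host) else "connect-name"
    parts = urlsplit(target)
    host = parts.hostname or ""
    # A full https:// URL is only visible to Squid after the connection was bumped.
    return host, "bumped" if parts.scheme == "https" else "plain-http"


def audit(log_text, no_bump):
    """Collect spliced and bumped hosts; flag no-bump names that were bumped."""
    report = {"spliced": set(), "bumped": set(), "violations": set()}
    for line in log_text.splitlines():
        result = classify(line)
        if result is None:
            continue
        host, verdict = result
        if verdict in report:
            report[verdict].add(host)
        if verdict == "bumped" and any(in_domain(host, d) for d in no_bump):
            report["violations"].add(host)
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_LOG, [".wellsfargo.com", ".akamaihd.net"])
    for key in ("spliced", "bumped", "violations"):
        print(key, sorted(result[key]))
```

An empty `violations` set for the sample matches the conclusion in the reply: the wellsfargo.com CONNECT was spliced, and the only bumped traffic belongs to other domains.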


Re: [squid-users] Squid 3.5.19 how to find banking server name for no bump

2016-06-28 Thread Stanford Prescott
I forgot to mention, I am using squid 3.5.19


Re: [squid-users] Squid 3.5.19 how to find banking server name for no bump

2016-06-28 Thread Stanford Prescott
When I enter .wellsfargo.com in

acl tls_s1_connect at_step SslBump1
acl tls_s2_client_hello at_step SslBump2
acl tls_s3_server_hello at_step SslBump3

acl tls_server_name_is_ip ssl::server_name_regex ^[0-9]+.[0-9]+.[0-9]+.[0-9]+n
acl tls_allowed_hsts ssl::server_name .akamaihd.net
acl tls_server_is_bank ssl::server_name .wellsfargo.com
acl tls_to_splice any-of tls_allowed_hsts tls_server_is_bank

ssl_bump peek tls_s1_connect all
ssl_bump splice tls_s2_client_hello tls_to_splice
ssl_bump stare tls_s2_client_hello all
ssl_bump bump tls_s3_server_hello all


it appears that the banking site is still getting bumped i.e. like in this
access.log snippet

1467156887.817257 10.40.40.100 TAG_NONE/200 0 CONNECT 54.149.224.177:443 - ORIGINAL_DST/54.149.224.177 -
1467156888.008 94 10.40.40.100 TCP_MISS/200 213 POST https://tiles.services.mozilla.com/v2/links/view - ORIGINAL_DST/54.149.224.177 application/json
1467156893.774 75 10.40.40.100 TAG_NONE/200 0 CONNECT 172.230.102.185:443 - ORIGINAL_DST/172.230.102.185 -
1467156893.847117 10.40.40.100 TAG_NONE/200 0 CONNECT 172.230.102.185:443 - ORIGINAL_DST/172.230.102.185 -
1467156893.875120 10.40.40.100 TAG_NONE/200 0 CONNECT 172.230.221.75:443 - ORIGINAL_DST/172.230.221.75 -
1467156893.875111 10.40.40.100 TAG_NONE/200 0 CONNECT 172.230.102.185:443 - ORIGINAL_DST/172.230.102.185 -
1467156893.875117 10.40.40.100 TAG_NONE/200 0 CONNECT 172.230.221.75:443 - ORIGINAL_DST/172.230.221.75 -
1467156893.875117 10.40.40.100 TAG_NONE/200 0 CONNECT 172.230.221.75:443 - ORIGINAL_DST/172.230.221.75 -
1467156893.875112 10.40.40.100 TAG_NONE/200 0 CONNECT 172.230.102.185:443 - ORIGINAL_DST/172.230.102.185 -
1467156893.875111 10.40.40.100 TAG_NONE/200 0 CONNECT 172.230.102.185:443 - ORIGINAL_DST/172.230.102.185 -
1467156894.109307 10.40.40.100 TAG_NONE/200 0 CONNECT 172.230.102.185:443 - ORIGINAL_DST/172.230.102.185 -
1467156894.109306 10.40.40.100 TAG_NONE/200 0 CONNECT 172.230.102.185:443 - ORIGINAL_DST/172.230.102.185 -
1467156894.109307 10.40.40.100 TAG_NONE/200 0 CONNECT 172.230.102.185:443 - ORIGINAL_DST/172.230.102.185 -
1467156894.109308 10.40.40.100 TAG_NONE/200 0 CONNECT 172.230.102.185:443 - ORIGINAL_DST/172.230.102.185 -
1467156895.488 72 10.40.40.100 TAG_NONE/200 0 CONNECT 216.58.194.98:443 - ORIGINAL_DST/216.58.194.98 -
1467156895.513 98 10.40.40.100 TAG_NONE/200 0 CONNECT 216.58.194.70:443 - ORIGINAL_DST/216.58.194.70 -
1467156895.648 66 10.40.40.100 TCP_MISS/302 739 GET https://googleads.g.doubleclick.net/pagead/viewthroughconversion/974108101/?value=0&guid=ON&script=0&data.prod=&data.subprod=&data.pageid= - ORIGINAL_DST/216.58.194.98 image/gif
1467156895.664 82 10.40.40.100 TCP_MISS/200 649 GET https://ad.doubleclick.net/activity;src=2549153;type=allv40;cat=all_a00;u1=11201507281102291611922021;ord=6472043235332.808? - ORIGINAL_DST/216.58.194.70 image/gif
1467156895.920250 10.40.40.100 TAG_NONE/200 0 CONNECT 24.155.92.60:443 - ORIGINAL_DST/24.155.92.60 -
1467156896.061 79 10.40.40.100 TCP_MISS/200 503 GET https://www.google.com/ads/user-lists/974108101/?script=0&random=2433874630 - ORIGINAL_DST/24.155.92.60 image/gif
1467156899.837   5727 10.40.40.100 TAG_NONE/200 0 CONNECT 159.45.66.156:443 - HIER_NONE/- -
1467156899.837   5587 10.40.40.100 TCP_TUNNEL/200 165 CONNECT connect.secure.wellsfargo.com:443 - ORIGINAL_DST/159.45.66.156 -
1467156899.837   5679 10.40.40.100 TAG_NONE/200 0 CONNEC

Re: [squid-users] Squid 3.5.19 how to find banking server name for no bump

2016-06-28 Thread Amos Jeffries
On 29/06/2016 2:02 a.m., Stanford Prescott wrote:
> I have the proper peek and splice and bump configuration of acls setup in
> my squid.conf file for no-bump of some web sites. I need help how to enter
> the banking hosts and or server names in a way that the peek and splice
> configuration will determine it is a banking site that I don't want bumped.
> 
> For example, if a user enters www.wellsfargo.com for online banking my
> current config still bumps wellsfargo.com. What would I need to enter for
> wellsfargo.com so that banking server will not be bumped?
> 

Depends on what you mean by "enter".

Are you asking for the ACL value?
  .wellsfargo.com

Are you asking for the ACL definition?
 acl banks ssl::server_name .wellsfargo.com

Or are you asking for a whole SSL-Bump configuration example?
  has a few.

Amos



[squid-users] Squid 3.5.19 how to find banking server name for no bump

2016-06-28 Thread Stanford Prescott
I have the proper peek and splice and bump configuration of acls setup in
my squid.conf file for no-bump of some web sites. I need help how to enter
the banking hosts and or server names in a way that the peek and splice
configuration will determine it is a banking site that I don't want bumped.

For example, if a user enters www.wellsfargo.com for online banking my
current config still bumps wellsfargo.com. What would I need to enter for
wellsfargo.com so that banking server will not be bumped?