On 5/18/22 15:35, Eliezer Croitoru wrote:
I have seen that many sites are against MITM since they want to be able
to reach the client directly and without any ICAP proxy in the middle.
There are services that gives captcha pages when these pages are being
MITM by squid, for example:
I have seen that many sites are against MITM since they want to be able to
reach the client directly and without any ICAP proxy in the middle.
There are services that gives captcha pages when these pages are being MITM
by squid, for example:
https://linuxize.com
@Alex, can we please try to
Hey Alex,
I have started working on some external_acl helper that will probe the
server certificate like what ufdbguard does but will be written
probably in another language then C++ ... ie scripting or GoLang or Rust.
The idea is that there will be some cache or DB that will store information
On 5/18/22 12:28, robert k Wild wrote:
acl DiscoverSNIHost at_step SslBump1
acl NoSSLIntercept ssl::server_name "/usr/local/squid/etc/nointercept.txt"
ssl_bump peek DiscoverSNIHost
ssl_bump splice NoSSLIntercept
ssl_bump bump all
OK, the above configuration makes the splice/bump decision
im using this
# SSL bump rulesacl DiscoverSNIHost at_step SslBump1acl NoSSLIntercept
ssl::server_name "/usr/local/squid/etc/nointercept.txt"ssl_bump peek
DiscoverSNIHostssl_bump splice NoSSLInterceptssl_bump bump all
and in the nointercept.txt
i have the url in there, also i have it in the url
hi all,
i have squid proxy configured as ssl bump and i white list some websites
only
but for some websites i dont want to inspect https traffic as it breaks the
cert when i want to license some apps via the url (whitelist url)
how can i disable https inspection for some websites please
many
