On 2/26/21 12:45 PM, Justin Michael Schwartzbeck wrote:
> For case 2 and 3, what you are saying is that the browser is requesting
> the DNS lookup first, correct?
Correct, but that does not really matter.
> Hence the need for a reverse DNS from
> squid, since squid does not know at that point w

Thanks for your answers, Alex.
For case 1, I understand that should not be a problem, since squid is the
one asking for DNS resolution.
For case 2 and 3, what you are saying is that the browser is requesting the
DNS lookup first, correct? Hence the need for a reverse DNS from squid,
since squid doe

On 2/26/21 7:35 AM, Justin Michael Schwartzbeck wrote:
>> Yes, many HTTPS transactions do not expose destination domain until it
>> is too late to decide whether to bump them, and reverse DNS lookups are
>> often unreliable.
> I wonder why this would be.
I suspect you assume that a forward DNS l

On 2/25/21 2:07 PM, Justin Michael Schwartzbeck wrote:
> I have thus far used dstdomain acl for bypassing ssl bump on sites that
> we don't want to decrypt, like banking sites. It seems to work for some
> sites, but not for others.
Yes, many HTTPS transactions do not expose destination domain unt

Hi all,
I have thus far used dstdomain acl for bypassing ssl bump on sites that we
don't want to decrypt, like banking sites. It seems to work for some sites,
but not for others.
I see the following post on this from some years back:
http://www.squid-cache.org/mail-archive/squid-users/201303/0046