Hey Ben,

I have seen your email, however I didn't have enough time to respond. I and others need some free time…

I am more than willing to test this issue in my local test environment. I can test it on Oracle Enterprise Linux 8 with the latest 4.x version. We can simplify things by creating a very specific environment without any unknowns.

You will need to provide the full details of the testing setup and the content of:

    acl NoSSLIntercept ssl::server_name "/usr/local/squid/etc/url-no-bump"
    acl NoSSLInterceptRegexp ssl::server_name_regex -i "/usr/local/squid/etc/url-no-bump-regexp"

In my environment it works as expected without any issues while I am not using ssl::server_name_regex.

The docs clearly state:

    acl aclname ssl::server_name_regex [-i] \.foo\.com ...
      # regex matches server name obtained from various sources [fast]

So you should try to use:

    acl aclname ssl::server_name [option] .foo.com ...
      # matches server name obtained from various sources [fast]

instead as a starting point.

I understand you need some help but I and others have other obligations in life so it would happen from time to time that someone is not free to try and help you.

All The Bests,
Eliezer

* If someone would have provided me with enough food and other living expenses I might have been free enough to help you.

----
Eliezer Croitoru
NgTech, Tech Support
Mobile: +972-5-28704261
Email: ngtech1...@gmail.com

From: squid-users <squid-users-boun...@lists.squid-cache.org> On Behalf Of Ben Goz
Sent: Thursday, February 17, 2022 14:47
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Splice certain SNIs which served by the same IP

By the help of God.

Any insights?

Thanks,
Ben

On Mon, Feb 14, 2022 at 15:49, Ben Goz <ben.go...@gmail.com> wrote:

By the help of God.

Hi,
My squid version is 4.15, using it on tproxy configuration.

I'm using ssl bump to intercept https connections, but I want to splice several domains.
I have a problem that when I'm splicing some google domains, e.g. youtube.com, then the gmail.com domain is also spliced.

I know that it is very common for google servers to host multiple domains on a single server.
And I suspect that when I'm splicing for example youtube.com it'll also splice google.com.

Here are my squid configurations for the ssl bump:

    https_port xxxx ssl-bump tproxy generate-host-certificates=on options=ALL dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/etc/ssl_cert/myCA.pem dhparams=/usr/local/squid/etc/dhparam.pem sslflags=NO_DEFAULT_CA

    acl DiscoverSNIHost at_step SslBump1
    acl NoSSLIntercept ssl::server_name "/usr/local/squid/etc/url-no-bump"
    acl NoSSLInterceptRegexp ssl::server_name_regex -i "/usr/local/squid/etc/url-no-bump-regexp"

    ssl_bump splice NoSSLInterceptRegexp_always
    ssl_bump splice NoSSLIntercept
    ssl_bump splice NoSSLInterceptRegexp
    ssl_bump peek DiscoverSNIHost
    ssl_bump bump all
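An added example, not part of the original thread and not Squid's own code: a Python model of how the two ACL types quoted from the docs select server names, useful for checking which SNIs the entries of a no-bump list would splice. The list entries and SNIs are constructed samples, and the matching is a simplified approximation (Python `re` stands in for Squid's regex engine).

```python
import re

def domain_match(entry: str, sni: str) -> bool:
    """Simplified model of ssl::server_name (domain-style) matching.

    ".foo.com" matches foo.com and every subdomain; "foo.com" matches
    only that exact name. Comparison is case-insensitive.
    """
    entry, sni = entry.lower().rstrip("."), sni.lower().rstrip(".")
    if entry.startswith("."):
        return sni == entry[1:] or sni.endswith(entry)
    return sni == entry

def regex_match(pattern: str, sni: str) -> bool:
    """Simplified model of ssl::server_name_regex -i: an unanchored,
    case-insensitive search anywhere in the server name."""
    return re.search(pattern, sni, re.IGNORECASE) is not None

def spliced(snis, domains=(), regexes=()):
    """Map each SNI to the list entries that would select it for splicing."""
    hits = {}
    for sni in snis:
        matched = [d for d in domains if domain_match(d, sni)]
        matched += [r for r in regexes if regex_match(r, sni)]
        hits[sni] = matched
    return hits

# Constructed sample data (assumptions, not the poster's actual files).
SNIS = ["www.youtube.com", "youtube.com", "mail.google.com", "gmail.com",
        "notyoutube.com.example.net"]
DOMAIN_LIST = [".youtube.com"]              # ssl::server_name style entry
LOOSE_REGEX = [r"youtube\.com"]             # unanchored regex entry
TIGHT_REGEX = [r"(^|\.)youtube\.com$"]      # anchored equivalent of the domain entry

if __name__ == "__main__":
    for name, kw in [("domain list", {"domains": DOMAIN_LIST}),
                     ("loose regex", {"regexes": LOOSE_REGEX}),
                     ("tight regex", {"regexes": TIGHT_REGEX})]:
        print(name)
        for sni, why in spliced(SNIS, **kw).items():
            print(f"  {sni:28} {'splice' if why else 'bump':7} {why}")
```

With these samples the unanchored pattern also selects `notyoutube.com.example.net`, while none of the three lists selects `gmail.com` or `mail.google.com`.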