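# SSL Interception basic rules
#
# Flow: at SslBump1 Squid only peeks (reads the TLS ClientHello to learn the
# SNI); at SslBump2 the server-name ACLs decide whether to splice (pass the
# TLS session through untouched) or bump (terminate TLS and re-sign with the
# CA from http_port below).
#
# NOTE(review): at SslBump2 ssl::server_name is derived from the SNI the
# client sent, which the client controls. A client that sends a forged SNI
# matching the no-intercept list gets spliced, i.e. its traffic is never
# inspected -- confirm that is acceptable here; newer Squid versions offer
# server_name options that validate against the server certificate instead,
# verify what the installed version supports.
acl DiscoverSNIHost at_step SslBump1
# Matches redshift3d.com and any subdomain. server_name is a bare host name,
# so the unanchored ".*" is harmless here; the trailing "$" is what prevents
# redshift3d.com.evil.example from matching.
acl NoSSLInterceptRegEx ssl::server_name_regex (^|.*\.)redshift3d\.com$
# One pattern per line; patterns should be anchored like the one above.
acl NoSSLInterceptRegExFile ssl::server_name_regex "/usr/local/squid/etc/no-intercept-ssl-regex.txt"
# Leading dot = the domain and all of its subdomains (case-insensitive).
acl NoSSLInterceptDstDom ssl::server_name .redshift3d.com
acl NoSSLInterceptDstDomFile ssl::server_name "/usr/local/squid/etc/no-intercept-ssl-dstdom.txt"
## any-of is true as soon as one member matches (first match wins).
acl NoSSLInterceptAnyOf any-of NoSSLInterceptDstDom NoSSLInterceptDstDomFile NoSSLInterceptRegEx NoSSLInterceptRegExFile
ssl_bump peek DiscoverSNIHost
ssl_bump splice NoSSLInterceptAnyOf
ssl_bump bump all
#SSL Bump port
# Forward-proxy port (no intercept/tproxy flag, so clients send CONNECT).
# generate-host-certificates=on mints a leaf certificate per origin host,
# signed by myCA.pem, via the sslcrtd_program helper below.
# NOTE(review): myCA.pem presumably holds the CA private key as well --
# keep it readable only by the squid user; anyone holding it can MITM every
# client that trusts this CA.
http_port 3128 ssl-bump cert=/usr/local/squid/etc/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
sslcrtd_program /usr/local/squid/libexec/security_file_certgen -s /var/lib/ssl_db -M 4MB
## http_access acls apply to incoming requests (the CONNECT itself and, once
## bumped, each decrypted request inside it), not to responses.
# Allow-list regex, anchored at the start of the URL with the host part
# limited to "[^/]*" so the domain has to be in the authority, not somewhere
# in the path or query: the previous ".*" form also matched
# https://evil.example/?x=.redshift3d.com/ and the "(^|" alternative could
# never match after "https?://". An optional ":port" is accepted.
# CONNECT request URLs are "host:port" and never match an "https?://"
# pattern; they are covered by the dstdomain ACLs below.
acl special_url_regex url_regex ^https?://([^/]*\.)?redshift3d\.com(:[0-9]+)?(/|$)
# Patterns in this file should be anchored the same way as the one above.
acl special_url_regex_file url_regex "/usr/local/squid/etc/special_url_regex.txt"
acl special_url_dst_dom dstdomain .redshift3d.com
acl special_url_dst_dom_file dstdomain "/usr/local/squid/etc/special_url_dstdom.txt"
acl special_url_any_of any-of special_url_dst_dom special_url_dst_dom_file special_url_regex special_url_regex_file
acl localnet src 192.168.0.0/16
acl localnet src 10.0.0.0/8
# Only local clients, and only to the allow-listed destinations; everything
# else is denied. Order matters: the first matching http_access line wins.
http_access allow localnet special_url_any_of
http_access deny all
# Once the above works, add further access rules such as http_reply_access.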