On Tue, 04 Feb 2014 19:17:51 +0600, Amos Jeffries <squid3_at_treenet.co.nz>
wrote:
> On 4/02/2014 11:34 p.m., Yury Paykov wrote:
>> Hello, squid users, I'm currently having an issue trying to configure
>
> That would be because the IP address is all Squid has to work with from
> the TCP packet and the best domain that can be known is the PTR record.
>
Or CN form the server certificate, which lead me to my following thread...
> FYI: 1e100.net is a google domain just as much as "google.com" etc.
> Add " .1e100.net " to your dstdomain ACL and it will work better.
It may as well be, but the information as to which domains to bump
comes from user, who is unlikely to guess that for search requests to
google.com not to be bumped he/she also need to mention .1e100.net...
>
>>
>> MY QUESTION IS - Is there a way to use CN information from server
>> certificate which is retrieved with /server-first/ method? Can I
>> construct
>> an ACL rule based on it?
>
> Not until after the bumping happens.
Sad :(
>
>
> Amos
>
>
Anyway, I'm grateful for your attention !
-- Sincerely Yours, ====Yury Paykov, aka CrystalReceived on Tue Feb 04 2014 - 13:24:08 MST
This archive was generated by hypermail 2.2.0 : Tue Feb 04 2014 - 12:00:04 MST