search

sonertari / SSLproxy

Transparent SSL/TLS proxy for decrypting and diverting network traffic to other programs, such as UTM services, for deep SSL inspection
BSD 2-Clause "Simplified" License
385 stars 100 forks source link

Global PassSite and modern passsite_filter #33

Closed maxalex301 closed 3 years ago

maxalex301 commented 3 years ago

Hi, thanks for excelent project )

In latest release I try specify global PassSite filter, but it ignored ( After review code, I found passsite_filter creates only from global->spec, but not from global->opts. Is it bug?

sonertari commented 3 years ago

The order of options and rules defined in the conf file is important. I guess that in your conf file the global PassSite rules are below the proxyspec lines. Please move the PassSite rules you want cloned to certain proxyspecs above those proxyspecs. (The sample PassSite rules on the UTMFW project are at the bottom of its sslproxy.conf file, I guess that's misleading users, sorry.)

Btw, if you need to use something like PassSite rules, then I recommend the new filtering rules on the develop branch. I think they are stable enough now, although I am still developing them heavily. Please see the filtering rules section in the README on the develop branch. The PassSite option will be deprecated in favor of filtering rules in the future. And the filtering rules are more flexible and powerful.

maxalex301 commented 3 years ago

Thanks for quick answer. New filters are very useful.