Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid need help on script to auto add urls to whitelist when there is an ssl error

    Scheduled Pinned Locked Moved Cache/Proxy
    1 Posts 1 Posters 447 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      aGeekhere
      last edited by aGeekhere

      Hi all, what I am trying to do it auto add urls/domains which have ssl errors to a whitelist file instead of doing it manually. The goal is to have all sites be bumped by default except whitelist urls and urls which have returned an ssl errors (which cannot be proxied and need to be whitelisted). By doing this you will not need to add exceptions to domains which cannot be proxied.

      I think I am close however I still have issues.
      Here is the setup
      So setting SSL/MITM Mode to custom
      Under Custom Options (SSL/MITM)

      # Define the external ACL
external_acl_type SSL_CHECKER ttl=60 negative_ttl=5 concurrency=10 %URI /home/check_site_status.sh

# Create an ACL that uses the external ACL
acl SSL_WHITELIST external SSL_CHECKER

# Allow HTTP CONNECT requests that match the ACL and splice the connection
http_access allow CONNECT SSL_WHITELIST
ssl_bump splice SSL_WHITELIST
ssl_bump bump all

      The script checks for an ssl error and adds it to the white list file.
      check_site_status.sh

      #!/bin/sh

# Define the whitelist file
WHITELIST="/home/whitelist.txt"

# This function checks if a website returns an SSL error
check_ssl_error() 
{
	domain=$1
    # Use openssl to check the SSL certificate of the domain
    echo | openssl s_client -servername "$domain" -connect "$domain":443 2>&1 | grep -q "Verify return code: 0 (ok)" 
    return $?
}

# This function adds a domain to the Squid's whitelist
add_to_whitelist() 
{
    domain=$1
    domain=$(echo "$domain" | sed 's/^[0-9]* //;s/:443 -//;s/^ *//;s/ *$//')
    # Check if the domain is already in the whitelist
    if ! grep -q "^$domain$" $WHITELIST; then
        # If not, add the domain to the whitelist
        echo "$domain" >> $WHITELIST
    fi
}

# Main loop that reads domains from stdin
while read domain; do
    # Check if the domain returns an SSL error
    if check_ssl_error "$domain"; then
        echo "No SSL error for $domain"
    else
        echo "SSL error for $domain, adding to whitelist"
        add_to_whitelist "$domain"
    fi
done

      Note the follow file permissions
      -rwxrwxrwx 1 squid proxy check_site_status.sh
      -rwxrwxrwx 1 squid proxy whitelist.txt
      If anyone sees the issue post below

      Never Fear, A Geek is Here!

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.