• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Squid need help on script to auto add urls to whitelist when there is an ssl error

Scheduled Pinned Locked Moved Cache/Proxy
1 Posts 1 Posters 436 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A
    aGeekhere
    last edited by aGeekhere Nov 4, 2023, 9:11 AM Nov 2, 2023, 10:08 AM

    Hi all, what I am trying to do it auto add urls/domains which have ssl errors to a whitelist file instead of doing it manually. The goal is to have all sites be bumped by default except whitelist urls and urls which have returned an ssl errors (which cannot be proxied and need to be whitelisted). By doing this you will not need to add exceptions to domains which cannot be proxied.

    I think I am close however I still have issues.
    Here is the setup
    So setting SSL/MITM Mode to custom
    Under Custom Options (SSL/MITM)

    # Define the external ACL
external_acl_type SSL_CHECKER ttl=60 negative_ttl=5 concurrency=10 %URI /home/check_site_status.sh

# Create an ACL that uses the external ACL
acl SSL_WHITELIST external SSL_CHECKER

# Allow HTTP CONNECT requests that match the ACL and splice the connection
http_access allow CONNECT SSL_WHITELIST
ssl_bump splice SSL_WHITELIST
ssl_bump bump all

    The script checks for an ssl error and adds it to the white list file.
    check_site_status.sh

    #!/bin/sh

# Define the whitelist file
WHITELIST="/home/whitelist.txt"

# This function checks if a website returns an SSL error
check_ssl_error() 
{
	domain=$1
    # Use openssl to check the SSL certificate of the domain
    echo | openssl s_client -servername "$domain" -connect "$domain":443 2>&1 | grep -q "Verify return code: 0 (ok)" 
    return $?
}

# This function adds a domain to the Squid's whitelist
add_to_whitelist() 
{
    domain=$1
    domain=$(echo "$domain" | sed 's/^[0-9]* //;s/:443 -//;s/^ *//;s/ *$//')
    # Check if the domain is already in the whitelist
    if ! grep -q "^$domain$" $WHITELIST; then
        # If not, add the domain to the whitelist
        echo "$domain" >> $WHITELIST
    fi
}

# Main loop that reads domains from stdin
while read domain; do
    # Check if the domain returns an SSL error
    if check_ssl_error "$domain"; then
        echo "No SSL error for $domain"
    else
        echo "SSL error for $domain, adding to whitelist"
        add_to_whitelist "$domain"
    fi
done

    Note the follow file permissions
    -rwxrwxrwx 1 squid proxy check_site_status.sh
    -rwxrwxrwx 1 squid proxy whitelist.txt
    If anyone sees the issue post below

    Never Fear, A Geek is Here!

    1 Reply Last reply Reply Quote 0
    1 out of 1
    • First post
      1/1
      Last post
    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
      This community forum collects and processes your personal information.
      consent.not_received