I am having issue with reverse dns lookups with squid, I am using wccp redirecting https connections to a squid proxy server. I am also using squidguard for content filter. When the https traffic arrives at the proxy it is already been through the dns lookup process and is https so I can not see the SNI information. So the server only see the ip address of the site. This is causing issues with the Black List of the content filter as it uses fqdn. Has anyone had experience with setting squid to allow for reverse lookups for https traffic. I do not want to use MITM.

Logs 1510234383.852 10522 192.168.100.21 TCP_TUNNEL/200 145 CONNECT 52.15.222.219:443 – ORIGINAL_DST/52.15.222.219 – 1510234383.852 10571 192.168.100.21 TCP_TUNNEL/200 145 CONNECT 54.204.7.190:443 – ORIGINAL_DST/54.204.7.190 – 1510234383.852 10639 192.168.100.21 TCP_TUNNEL/200 145 CONNECT 13.58.111.187:443 – ORIGINAL_DST/13.58.111.187 – 1510234383.959 106 192.168.100.21 TCP_TUNNEL/200 482 CONNECT 70.42.104.51:443 – ORIGINAL_DST/70.42.104.51 – 1510234384.358 268 192.168.100.21 TCP_TUNNEL/200 5195 CONNECT 52.9.182.49:443 – ORIGINAL_DST/52.9.182.49 – 1510234384.421 5482 192.168.100.21 TCP_TUNNEL/200 780 CONNECT 205.185.208.154:443 – ORIGINAL_DST/205.185.208.154 – 1510234386.893 25 192.168.100.21 TAG_NONE/503 0 CONNECT 208.185.50.67:443 – HIER_NONE/- – 1510234386.893 25 192.168.100.21 TAG_NONE/503 0 CONNECT 208.185.50.67:443 – HIER_NONE/- – 1510234386.893 25 192.168.100.21 TAG_NONE/503 0 CONNECT 208.185.50.67:443 – HIER_NONE/- – 1510234386.963 108 192.168.100.21 TCP_TUNNEL/200 482 CONNECT 70.42.104.51:443 – ORIGINAL_DST/70.42.104.51 – 1510234387.942 10081 192.168.100.21 TCP_TUNNEL/200 3573 CONNECT 216.58.218.134:443 – ORIGINAL_DST/216.58.218.134 – 1510234387.978 10117 192.168.100.21 TCP_TUNNEL/200 156 CONNECT 54.230.55.190:443 – ORIGINAL_DST/54.230.55.190 –

Config

acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT

http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost manager http_access deny manager http_access allow localnet http_access allow localhost http_access deny all

http_port 3128

http_port 8080 intercept wccp2_router 172.20.120.254 wccp2_forwarding_method gre wccp2_return_method gre wccp2_service standard 0 # https_port 8081 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/opt/squid_certs/proxyCAnew.pem ssl_bump none all sslcrtd_program /lib64/squid/ssl_crtd -s /lib64/squid/ssl_db -M 40MB sslcrtd_children 10 wccp2_router 172.20.120.254 wccp2_forwarding_method gre wccp2_return_method gre wccp2_service dynamic 70 wccp2_service_info 70 protocol=tcp flags=dst_ip_hash priority=240 ports=443 wccp2_assignment_method hash

log_fqdn on

always_direct allow all

coredump_dir /var/spool/squid

refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320

url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf