
Cannot SSLBump domain

Open hazcod opened this issue 5 years ago • 3 comments

Hi, trying to run a build from master.

Config:

# Listen for connections on port 8000.
http-proxy 127.0.0.1:8000

# the template for the block page
blockpage "/etc/redwood/block.html"

# directory of static files to be served by the internal web server
static-files-dir .

# directory of CGI scripts to run by the internal web server
cgi-bin .

# the directory containing the category information
categories .

# the file containing the Access Control List configuration
tls-cert ca.pem
tls-key ca.pem
block-obsolete-ssl True
acls acls.txt

# the minimum total score from a blocked category needed
# to block a page
threshold 275

# file configuring the content pruning
content-pruning .

# file configuring URL query modification
query-changes .

# path to the access log
access-log /dev/stdout

acls.txt:

ssl-bump all

However, a curl is not ssl bumped and works fine:

% ALL_PROXY="http://localhost:8000" curl https://ironpeak.be/ 1>/dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 28816  100 28816    0     0   182k      0 --:--:-- --:--:-- --:--:--  182k

Any idea what I'm missing here? Logs:

% ./redwood -c redwood.conf                                              
2021/03/08 16:54:20 Redwood v1.1.47
2021/03/08 16:54:20 Could not set blockpage to /etc/redwood/block.html : error loading block page template: open /etc/redwood/block.html: no such file or directory
2021/03/08 16:54:20 Error loading category config: open config/category.conf: no such file or directory
2021/03/08 16:54:20 Error loading category dg-convert: open dg-convert/category.conf: no such file or directory
2021/03/08 16:54:20 Error loading category startup: open startup/category.conf: no such file or directory
2021/03/08 16:54:20 Error reading .: read .: is a directory
2021/03/08 16:54:20 Error reading .: read .: is a directory
2021-03-08 16:54:25.905309,127.0.0.1,allow,//ironpeak.be,CONNECT,0,,0,,,,,,,,,,
2021-03-08 16:54:27.140089,127.0.0.1,allow,//ironpeak.be,CONNECT,0,,33061,,,,,,,,,,

hazcod, Mar 08 '21 15:03

@hazcod First, pay attention that, if I'm not wrong, the example config should not work as expected. However, I do not remember if it was fixed. Another one is that you need to specify the full path to the pruning file and categories directory. Take a peek at a working example: https://github.com/elico/yt-classification-service-example/blob/master/redwood/redwood.conf

elico, Mar 08 '21 16:03

Hi @elico! Oddly enough, ALL_PROXY="http://0.0.0.0:8080" curl -vvv https://ironpeak.be/ 1>/dev/null seems to work as well for your docker compose setup. (no cert warning to indicate sslbump is working)

hazcod, Mar 08 '21 16:03

@hazcod This setup is to bump only specific YouTube sites. Take a peek at: https://github.com/elico/yt-classification-service-example/blob/2323858999b034a55ab5f8b2ffab061075d96a29/app/yt-classifier/youtube_id.py#L19

elico, Mar 08 '21 18:03