Block all is not logged #46

Open
piolug93 opened this issue Jun 27, 2022 · 8 comments

@piolug93
Contributor

I have the filter rule Block from ip * to ip * log *, and while traffic has been blocked, I don't see that in the logs. Below I send a debug log where we see only the SSL negotiation and the connection to the destination host, without information about who initiated the connection and without information about the block action.

SSLproxy  (built 2022-06-23)
------------------------------------------------------------------------------
WARNING: Something is wrong with the version compiled into sslproxy!
The version should contain a release number and/or a git commit reference.
If using a package, please report a bug to the distro package maintainer.
------------------------------------------------------------------------------
Copyright (c) 2017-2022, Soner Tari <[email protected]>
https://github.com/sonertari/SSLproxy
Copyright (c) 2009-2019, Daniel Roethlisberger <[email protected]>
https://www.roe.ch/SSLsplit
Build info: V:DIR N:56b3680
Features: -DHAVE_NETFILTER -DWITHOUT_USERAUTH
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT IP6T_SO_ORIGINAL_DST
Local process info support: no
compiled against OpenSSL 1.1.1n  15 Mar 2022 (101010ef)
rtlinked against OpenSSL 1.1.1n  15 Mar 2022 (101010ef)
OpenSSL has support for TLS extensions
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
OpenSSL has engine support
Using SSL_MODE_RELEASE_BUFFERS
SSL/TLS protocol availability: tls10 tls11 tls12 tls13
SSL/TLS algorithm availability: !SHA0 RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.1.12-stable
rtlinked against libevent 2.1.12-stable
compiled against libnet 1.1.6
rtlinked against libnet 1.1.6
compiled against libpcap n/a
rtlinked against libpcap 1.10.0 (with TPACKET_V3)
2 CPU cores detected
Generated 2048 bit RSA key for leaf certs.
Global conn opts: negotiate>=tls10<=tls13|ALL:!RC4|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|verify_peer|allow_wrong_host|validate_proto|8192
proxyspecs:
- listen=[0.0.0.0]:3129 ssl|http netfilter
opts= conn opts: negotiate>=tls10<=tls13|ALL:!RC4|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|verify_peer|allow_wrong_host|validate_proto|8192
split
macro $repositories = *.debian.org, packages.gitlab.com, ftp.de.debian.org, d20rj4el6vkp4c.cloudfront.net
filter rule 0: dstip=, dstport=, srcip=, exact=||, all=conns|sites|, action=|||block|, log=connect|master|cert|content|pcap|mirror, precedence=2
filter rule 1: dstip=, dstport=, srcip=10.10.10., exact=||, all=|sites|, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3
filter rule 2: dstip=, dstport=, srcip=10.1.20.4, exact=||ip, all=|sites|, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3
filter rule 3: dstip=, dstport=, srcip=10.1.10.103, exact=||ip, all=|sites|, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3
filter rule 4: host=*.debian.org, dstport=, srcip=, exact=site||, all=conns||, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2
filter rule 5: host=packages.gitlab.com, dstport=, srcip=, exact=site||, all=conns||, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2
filter rule 6: host=ftp.de.debian.org, dstport=, srcip=, exact=site||, all=conns||, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2
filter rule 7: host=d20rj4el6vkp4c.cloudfront.net, dstport=, srcip=, exact=site||, all=conns||, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2
filter=>
ip_filter_exact->
  ip 0 10.1.10.103 (exact)=
    ip all:
      0:  (all_sites, substring, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3)
  ip 1 10.1.20.4 (exact)=
    ip all:
      0:  (all_sites, substring, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3)
ip_filter_substring->
  ip 0 10.10.10. (substring)=
    ip all:
      0:  (all_sites, substring, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3)
filter_all->
    ip all:
      0:  (all_sites, substring, action=|||block|, log=connect|master|cert|content|pcap|mirror, precedence=2)
    host exact:
      0: *.debian.org (exact, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2)
      1: d20rj4el6vkp4c.cloudfront.net (exact, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2)
      2: ftp.de.debian.org (exact, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2)
      3: packages.gitlab.com (exact, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2)

- listen=[0.0.0.0]:3128 tcp|http netfilter
opts= conn opts: negotiate>=tls10<=tls13|ALL:!RC4|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|verify_peer|allow_wrong_host|validate_proto|8192
split
macro $repositories = *.debian.org, packages.gitlab.com, ftp.de.debian.org, d20rj4el6vkp4c.cloudfront.net
filter rule 0: dstip=, dstport=, srcip=, exact=||, all=conns|sites|, action=|||block|, log=connect|master|cert|content|pcap|mirror, precedence=2
filter rule 1: dstip=, dstport=, srcip=10.10.10., exact=||, all=|sites|, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3
filter rule 2: dstip=, dstport=, srcip=10.1.20.4, exact=||ip, all=|sites|, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3
filter rule 3: dstip=, dstport=, srcip=10.1.10.103, exact=||ip, all=|sites|, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3
filter rule 4: host=*.debian.org, dstport=, srcip=, exact=site||, all=conns||, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2
filter rule 5: host=packages.gitlab.com, dstport=, srcip=, exact=site||, all=conns||, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2
filter rule 6: host=ftp.de.debian.org, dstport=, srcip=, exact=site||, all=conns||, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2
filter rule 7: host=d20rj4el6vkp4c.cloudfront.net, dstport=, srcip=, exact=site||, all=conns||, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2
filter=>
ip_filter_exact->
  ip 0 10.1.10.103 (exact)=
    ip all:
      0:  (all_sites, substring, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3)
  ip 1 10.1.20.4 (exact)=
    ip all:
      0:  (all_sites, substring, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3)
ip_filter_substring->
  ip 0 10.10.10. (substring)=
    ip all:
      0:  (all_sites, substring, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3)
filter_all->
    ip all:
      0:  (all_sites, substring, action=|||block|, log=connect|master|cert|content|pcap|mirror, precedence=2)
    host exact:
      0: *.debian.org (exact, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2)
      1: d20rj4el6vkp4c.cloudfront.net (exact, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2)
      2: ftp.de.debian.org (exact, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2)
      3: packages.gitlab.com (exact, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2)

Loaded Global CA: '/C=cenzored/ST=cenzored/L=cenzored/O=cenzored/emailAddress=cenzored/CN=cenzored'
Loaded ProxySpec CA: '/C=cenzored/ST=cenzored/L=cenzored/O=cenzored/emailAddress=cenzored/CN=cenzored'
Loaded ProxySpec CA: '/C=cenzored/ST=cenzored/L=cenzored/O=cenzored/emailAddress=cenzored/CN=cenzored'
SSL/TLS leaf certificates taken from:
- Global generated on the fly
Privsep fastpath disabled
Created self-pipe [r=6,w=7]
Created chld-pipe [r=8,w=9]
Created socketpair 0 [p=10,c=11]
Created socketpair 1 [p=12,c=13]
Created socketpair 2 [p=14,c=15]
Created socketpair 3 [p=16,c=17]
Created socketpair 4 [p=18,c=19]
Created socketpair 5 [p=20,c=21]
Privsep parent pid 57314
Privsep child pid 57315
Using libevent backend 'epoll'
Event base supports: edge yes, O(1) yes, anyfd no
Received privsep req type 03 sz 9 on srvsock 10
Received privsep req type 03 sz 9 on srvsock 10
Received privsep req type 00 sz 1 on srvsock 10
Dropped privs to user proxy group proxy chroot -
Received privsep req type 00 sz 1 on srvsock 12
Received privsep req type 00 sz 1 on srvsock 16
Received privsep req type 00 sz 1 on srvsock 18
Received privsep req type 00 sz 1 on srvsock 20
Inserted events:
  0x5597949a2348 [fd  6] Read Persist Internal
  0x5597949a2520 [fd  8] Read Persist Internal
  0x5597949a25f8 [fd  9] Read Persist
  0x5597949a26b8 [fd  10] Read Persist
  0x55979499ac60 [sig 1] Signal Persist
  0x559794968f90 [sig 2] Signal Persist
  0x55979499b010 [sig 3] Signal Persist
  0x55979499ada0 [sig 10] Signal Persist
  0x55979499af80 [sig 13] Signal Persist
  0x55979499dc80 [sig 15] Signal Persist
  0x55979499ca40 [fd  -1] Persist Timeout=1656312391.110235
Active events:
Initialized 4 connection handling threads
Started 4 connection handling threads
Starting main event loop.
SNI peek: [api.bing.com] [complete], fd=28
Connecting to [13.107.5.80]:443
===> Original server certificate:
Subject DN: /CN=www.bing.com
Common Names: www.bing.com/www.bing.com/dict.bing.com.cn/*.platform.bing.com/*.bing.com/bing.com/ieonline.microsoft.com/*.windowssearch.com/cn.ieonline.microsoft.com/*.origin.bing.com/*.mm.bing.net/*.api.bing.com/ecn.dev.virtualearth.net/*.cn.bing.net/*.cn.bing.com/ssl-api.bing.com/ssl-api.bing.net/*.api.bing.net/*.bingapis.com/bingsandbox.com/feedback.microsoft.com/insertmedia.bing.office.net/r.bat.bing.com/*.r.bat.bing.com/*.dict.bing.com.cn/*.dict.bing.com/*.ssl.bing.com/*.appex.bing.com/*.platform.cn.bing.com/wp.m.bing.com/*.m.bing.com/global.bing.com/windowssearch.com/search.msn.com/*.bingsandbox.com/*.api.tiles.ditu.live.com/*.ditu.live.com/*.t0.tiles.ditu.live.com/*.t1.tiles.ditu.live.com/*.t2.tiles.ditu.live.com/*.t3.tiles.ditu.live.com/*.tiles.ditu.live.com/3d.live.com/api.search.live.com/beta.search.live.com/cnweb.search.live.com/dev.live.com/ditu.live.com/farecast.live.com/image.live.com/images.live.com/local.live.com.au/localsearch.live.com/ls4d.search.live.com/mail.live.com/mapindia.live.com/local.live.com/maps.live.com/maps.live.com.au/mindia.live.com/news.live.com/origin.cnweb.search.live.com/preview.local.live.com/search.live.com/test.maps.live.com/video.live.com/videos.live.com/virtualearth.live.com/wap.live.com/webmaster.live.com/webmasters.live.com/www.local.live.com.au/www.maps.live.com.au
Fingerprint: EB:39:0A:AB:CF:92:D2:3C:DE:A1CD:8A:8A:99:95:9D:76:38:39:BF
Certificate cache: MISS
===> Forged server certificate:
Subject DN: /CN=www.bing.com
Common Names: www.bing.com/www.bing.com/dict.bing.com.cn/*.platform.bing.com/*.bing.com/bing.com/ieonline.microsoft.com/*.windowssearch.com/cn.ieonline.microsoft.com/*.origin.bing.com/*.mm.bing.net/*.api.bing.com/ecn.dev.virtualearth.net/*.cn.bing.net/*.cn.bing.com/ssl-api.bing.com/ssl-api.bing.net/*.api.bing.net/*.bingapis.com/bingsandbox.com/feedback.microsoft.com/insertmedia.bing.office.net/r.bat.bing.com/*.r.bat.bing.com/*.dict.bing.com.cn/*.dict.bing.com/*.ssl.bing.com/*.appex.bing.com/*.platform.cn.bing.com/wp.m.bing.com/*.m.bing.com/global.bing.com/windowssearch.com/search.msn.com/*.bingsandbox.com/*.api.tiles.ditu.live.com/*.ditu.live.com/*.t0.tiles.ditu.live.com/*.t1.tiles.ditu.live.com/*.t2.tiles.ditu.live.com/*.t3.tiles.ditu.live.com/*.tiles.ditu.live.com/3d.live.com/api.search.live.com/beta.search.live.com/cnweb.search.live.com/dev.live.com/ditu.live.com/farecast.live.com/image.live.com/images.live.com/local.live.com.au/localsearch.live.com/ls4d.search.live.com/mail.live.com/mapindia.live.com/local.live.com/maps.live.com/maps.live.com.au/mindia.live.com/news.live.com/origin.cnweb.search.live.com/preview.local.live.com/search.live.com/test.maps.live.com/video.live.com/videos.live.com/virtualearth.live.com/wap.live.com/webmaster.live.com/webmasters.live.com/www.local.live.com.au/www.maps.live.com.au
Fingerprint: 70:CD:82:A4:5B:8C:9D:4C:4C:F898:09:4E:25:CE:3C:BF:85:5E:55
SSL session cache: MISS
Certificate cache: KEEP (SNI match or target mode)
HTTPS connected to [13.107.5.80]:443 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
CLIENT_RANDOM 62B9518B458795A9B3017C8489C368D0DE435885D63450133B535AC62C204CEC F9431E72258B7E72EE77BA741C234179C9B0AB05175A5C4551BA6E8FFE10968D13913A8B9AD6CCCB14EF440E99F1DAA0
SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [accept socket]
SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [connect socket]
SNI peek: [api.bing.com] [complete], fd=28
Connecting to [13.107.5.80]:443
Attempt reuse dst SSL session
===> Original server certificate:
Subject DN: /CN=www.bing.com
Common Names: www.bing.com/www.bing.com/dict.bing.com.cn/*.platform.bing.com/*.bing.com/bing.com/ieonline.microsoft.com/*.windowssearch.com/cn.ieonline.microsoft.com/*.origin.bing.com/*.mm.bing.net/*.api.bing.com/ecn.dev.virtualearth.net/*.cn.bing.net/*.cn.bing.com/ssl-api.bing.com/ssl-api.bing.net/*.api.bing.net/*.bingapis.com/bingsandbox.com/feedback.microsoft.com/insertmedia.bing.office.net/r.bat.bing.com/*.r.bat.bing.com/*.dict.bing.com.cn/*.dict.bing.com/*.ssl.bing.com/*.appex.bing.com/*.platform.cn.bing.com/wp.m.bing.com/*.m.bing.com/global.bing.com/windowssearch.com/search.msn.com/*.bingsandbox.com/*.api.tiles.ditu.live.com/*.ditu.live.com/*.t0.tiles.ditu.live.com/*.t1.tiles.ditu.live.com/*.t2.tiles.ditu.live.com/*.t3.tiles.ditu.live.com/*.tiles.ditu.live.com/3d.live.com/api.search.live.com/beta.search.live.com/cnweb.search.live.com/dev.live.com/ditu.live.com/farecast.live.com/image.live.com/images.live.com/local.live.com.au/localsearch.live.com/ls4d.search.live.com/mail.live.com/mapindia.live.com/local.live.com/maps.live.com/maps.live.com.au/mindia.live.com/news.live.com/origin.cnweb.search.live.com/preview.local.live.com/search.live.com/test.maps.live.com/video.live.com/videos.live.com/virtualearth.live.com/wap.live.com/webmaster.live.com/webmasters.live.com/www.local.live.com.au/www.maps.live.com.au
Fingerprint: EB:39:0A:AB:CF:92:D2:3C:DE:A1CD:8A:8A:99:95:9D:76:38:39:BF
Certificate cache: HIT
===> Forged server certificate:
Subject DN: /CN=www.bing.com
Common Names: www.bing.com/www.bing.com/dict.bing.com.cn/*.platform.bing.com/*.bing.com/bing.com/ieonline.microsoft.com/*.windowssearch.com/cn.ieonline.microsoft.com/*.origin.bing.com/*.mm.bing.net/*.api.bing.com/ecn.dev.virtualearth.net/*.cn.bing.net/*.cn.bing.com/ssl-api.bing.com/ssl-api.bing.net/*.api.bing.net/*.bingapis.com/bingsandbox.com/feedback.microsoft.com/insertmedia.bing.office.net/r.bat.bing.com/*.r.bat.bing.com/*.dict.bing.com.cn/*.dict.bing.com/*.ssl.bing.com/*.appex.bing.com/*.platform.cn.bing.com/wp.m.bing.com/*.m.bing.com/global.bing.com/windowssearch.com/search.msn.com/*.bingsandbox.com/*.api.tiles.ditu.live.com/*.ditu.live.com/*.t0.tiles.ditu.live.com/*.t1.tiles.ditu.live.com/*.t2.tiles.ditu.live.com/*.t3.tiles.ditu.live.com/*.tiles.ditu.live.com/3d.live.com/api.search.live.com/beta.search.live.com/cnweb.search.live.com/dev.live.com/ditu.live.com/farecast.live.com/image.live.com/images.live.com/local.live.com.au/localsearch.live.com/ls4d.search.live.com/mail.live.com/mapindia.live.com/local.live.com/maps.live.com/maps.live.com.au/mindia.live.com/news.live.com/origin.cnweb.search.live.com/preview.local.live.com/search.live.com/test.maps.live.com/video.live.com/videos.live.com/virtualearth.live.com/wap.live.com/webmaster.live.com/webmasters.live.com/www.local.live.com.au/www.maps.live.com.au
Fingerprint: 70:CD:82:A4:5B:8C:9D:4C:4C:F898:09:4E:25:CE:3C:BF:85:5E:55
SSL session cache: HIT
Certificate cache: KEEP (SNI match or target mode)
HTTPS connected to [13.107.5.80]:443 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
CLIENT_RANDOM 62B9518C6FF82CF21D5543F6A447200790277D27D8F7A753B7C86DF51B3DDA4E F9431E72258B7E72EE77BA741C234179C9B0AB05175A5C4551BA6E8FFE10968D13913A8B9AD6CCCB14EF440E99F1DAA0
SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [accept socket]
SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [connect socket]
SNI peek: [o2.pl] [complete], fd=28
Connecting to [212.77.98.29]:443
===> Original server certificate:
Subject DN: /CN=*.o2.pl
Common Names: *.o2.pl/*.o2.pl/o2.pl
Fingerprint: 31:A6:82:23:07:BE:BC:C6:79:AC80:FC:FD:BE:B6:1A:50:EB:56:2A
Certificate cache: MISS
===> Forged server certificate:
Subject DN: /CN=*.o2.pl
Common Names: *.o2.pl/*.o2.pl/o2.pl
Fingerprint: 9F:0F:69:AB:CC:03:90:76:3B:9B5D:F1:A4:40:0F:D5:DC:27:F6:28
SSL session cache: MISS
Certificate cache: KEEP (SNI match or target mode)
HTTPS connected to [212.77.98.29]:443 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
CLIENT_RANDOM 62B951908059EED2785C36FDD1B3D7395EDA9939C3CABF3969EF205E8DB8AAD2 5EBB58AC19E570E59A41C2995121DE7FF182EE71AEF3C81957658CEC11811DF002AC09C5C07829B43DCCCD6FFF9F2B6E
SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [accept socket]
SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [connect socket]
SNI peek: [o2.pl] [complete], fd=28
Connecting to [212.77.98.29]:443
Attempt reuse dst SSL session
===> Original server certificate:
Subject DN: /CN=*.o2.pl
Common Names: *.o2.pl/*.o2.pl/o2.pl
Fingerprint: 31:A6:82:23:07:BE:BC:C6:79:AC80:FC:FD:BE:B6:1A:50:EB:56:2A
Certificate cache: HIT
===> Forged server certificate:
Subject DN: /CN=*.o2.pl
Common Names: *.o2.pl/*.o2.pl/o2.pl
Fingerprint: 9F:0F:69:AB:CC:03:90:76:3B:9B5D:F1:A4:40:0F:D5:DC:27:F6:28
SSL session cache: HIT
Certificate cache: KEEP (SNI match or target mode)
HTTPS connected to [212.77.98.29]:443 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
CLIENT_RANDOM 62B95190D4F81DFC08C8B5F35F3D11BBAA7F484D013B13B284AD79A3E8E317EA 5EBB58AC19E570E59A41C2995121DE7FF182EE71AEF3C81957658CEC11811DF002AC09C5C07829B43DCCCD6FFF9F2B6E
SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [accept socket]
SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [connect socket]
STATS: thr=0, mld=0, mfd=0, mat=0, mct=0, iib=4048, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=0
STATS: thr=1, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=0
STATS: thr=2, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=0
STATS: thr=3, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=0
Received signal 2
Main event loop stopped (reason=2).
Received privsep req type 00 sz 1 on srvsock 14
Child pid 57315 exited with status 0
@sonertari
Owner

For very verbose debug logs, including such block logs, you should enable the DEBUG_PROXY switch in Mk.main.mk, recompile, and start sslproxy with the -D4 option.
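
One way to pull the filter decisions out of `-D4` output and correlate them with content.log by client endpoint, as an added example (not SSLproxy code and not written by anyone in this thread). It assumes the DEBUG_PROXY line format and the content.log header format quoted later in this issue; treating the first bracketed field as a per-connection id is an assumption, and the sample logs below are constructed with documentation addresses.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of sslproxy DEBUG_PROXY/-D4 output.
DEBUG_LOG = """\
[FINEST] [0.0 fd=32 cfd=0] pxy_conn_init: srcaddr= [192.0.2.10]:50230
SNI peek: [blocked.example] [complete], fd=32
[FINE] [0.0 fd=32 cfd=0] pxy_conn_filter_match_ip: Found site (line=323):  for 192.0.2.10:50230, 198.51.100.7:443
[FINE] [0.0 fd=32 cfd=0] pxy_conn_set_filter_action: Filter block action for 198.51.100.7, precedence 2 (line=323)
[FINE] [0.0 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable connect log for 198.51.100.7, precedence 2 (line=323)
[FINE] [0.0 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable content log for 198.51.100.7, precedence 2 (line=323)
[FINE] [0.0 fd=32 cfd=0] pxy_conn_apply_filter: Deferring block action
Connecting to [198.51.100.7]:443
[FINEST] [1.0 fd=33 cfd=0] pxy_conn_init: srcaddr= [192.0.2.11]:50300
[FINE] [1.0 fd=33 cfd=0] pxy_conn_set_filter_action: Filter enable content log for 198.51.100.8, precedence 3 (line=324)
"""

# Constructed sample in the shape of content.log entry headers.
CONTENT_LOG = """\
2022-06-27 14:48:13 UTC [192.0.2.10]:50230 -> [198.51.100.7]:443 (248):
GET / HTTP/1.1
Host: blocked.example

2022-06-27 14:48:13 UTC [192.0.2.10]:50230 -> [198.51.100.7]:443 (EOF)
2022-06-27 14:48:14 UTC [192.0.2.11]:50300 -> [198.51.100.8]:443 (120):
GET / HTTP/1.1
Host: allowed.example
"""

# "[LEVEL] [<conn id> fd=N cfd=N] function: message"
PREFIX = re.compile(
    r"^\[(?:FINE|FINER|FINEST)\] \[(?P<conn>\S+) fd=-?\d+ cfd=-?\d+\] "
    r"(?P<func>\w+): (?P<msg>.*)$")
SRCADDR = re.compile(r"^srcaddr= \[(?P<ip>[^\]]+)\]:(?P<port>\d+)$")
ACTION = re.compile(
    r"^Filter (?P<action>\w+) action for (?P<dst>\S+), "
    r"precedence (?P<prec>\d+) \(line=(?P<line>\d+)\)$")
LOGSPEC = re.compile(
    r"^Filter enable (?P<kind>\w+) log for \S+, precedence \d+ \(line=\d+\)$")
CONTENT_HDR = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d UTC \[(?P<ip>[^\]]+)\]:(?P<port>\d+)"
    r" -> \[[^\]]+\]:\d+ \((?:\d+|EOF)\):?$")


@dataclass
class Decision:
    conn: str
    src: str = ""          # client endpoint as "ip:port"
    dst: str = ""          # destination the action was set for
    action: str = ""       # e.g. "block"; empty if no action line was seen
    rule_line: int = 0     # config line number of the matching rule
    precedence: int = 0
    logs: set = field(default_factory=set)   # log kinds the rule enabled
    deferred: bool = False                   # "Deferring block action" seen


def parse_debug_log(text):
    """Collect one Decision per connection id from -D4 debug output."""
    decisions = {}
    for raw in text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue  # banner, SNI peek, "Connecting to", cert dumps, STATS
        d = decisions.setdefault(m["conn"], Decision(conn=m["conn"]))
        msg = m["msg"]
        if (s := SRCADDR.match(msg)):
            d.src = f"{s['ip']}:{s['port']}"
        elif (a := ACTION.match(msg)):
            # The filter may be evaluated more than once per connection;
            # repeated lines simply overwrite with the same values.
            d.action, d.dst = a["action"], a["dst"]
            d.precedence, d.rule_line = int(a["prec"]), int(a["line"])
        elif (l := LOGSPEC.match(msg)):
            d.logs.add(l["kind"])
        elif msg == "Deferring block action":
            d.deferred = True
    return decisions


def content_endpoints(text):
    """Client endpoints ("ip:port") that have at least one content.log entry."""
    return {f"{m['ip']}:{m['port']}"
            for m in map(CONTENT_HDR.match, text.splitlines()) if m}


def blocked_with_content(decisions, content_text):
    """Connections given a block action that still appear in content.log."""
    seen = content_endpoints(content_text)
    return [d for d in decisions.values()
            if d.action == "block" and d.src in seen]


if __name__ == "__main__":
    for d in blocked_with_content(parse_debug_log(DEBUG_LOG), CONTENT_LOG):
        print(f"{d.src} -> {d.dst}: block (rule line {d.rule_line}, "
              f"deferred={d.deferred}), logs enabled: {sorted(d.logs)}")
```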

@piolug93
Contributor Author

I compiled with DEBUG_PROXY and ran with -D4. connection.log is empty, while content.log has content.
content.log

2022-06-27 14:48:13 UTC [10.1.40.3]:50230 -> [13.107.5.80]:443 (248):
GET /qsml.aspx HTTP/1.1
Accept: */*
Accept-Language: pl-PL
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: api.bing.com
Connection: Keep-Alive
Cache-Control: no-cache

2022-06-27 14:48:13 UTC [10.1.40.3]:50230 -> [13.107.5.80]:443 (EOF)
2022-06-27 14:48:13 UTC [10.1.40.3]:50231 -> [13.107.5.80]:443 (248):
GET /qsml.aspx HTTP/1.1
Accept: */*
Accept-Language: pl-PL
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: api.bing.com
Connection: Keep-Alive
Cache-Control: no-cache

2022-06-27 14:48:13 UTC [10.1.40.3]:50231 -> [13.107.5.80]:443 (EOF)
2022-06-27 14:48:13 UTC [10.1.40.3]:50232 -> [54.192.231.126]:443 (369):
GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: pl-PL
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.onet.pl
Connection: Keep-Alive
Cookie: __gfp_64b=_9AQBMiJRfzARdJ_dz4SzAS7FPVeQpr1V364hKPt4uj.j7|1652459941; ea_uuid=202205131839065852208359

2022-06-27 14:48:13 UTC [10.1.40.3]:50232 -> [54.192.231.126]:443 (EOF)
2022-06-27 14:48:13 UTC [10.1.40.3]:50233 -> [54.192.231.126]:443 (369):
GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: pl-PL
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.onet.pl
Connection: Keep-Alive
Cookie: __gfp_64b=_9AQBMiJRfzARdJ_dz4SzAS7FPVeQpr1V364hKPt4uj.j7|1652459941; ea_uuid=202205131839065852208359

2022-06-27 14:48:13 UTC [10.1.40.3]:50233 -> [54.192.231.126]:443 (EOF)

debug log

SSLproxy  (built 2022-06-27)
------------------------------------------------------------------------------
WARNING: Something is wrong with the version compiled into sslproxy!
The version should contain a release number and/or a git commit reference.
If using a package, please report a bug to the distro package maintainer.
------------------------------------------------------------------------------
Copyright (c) 2017-2022, Soner Tari <[email protected]>
https://github.com/sonertari/SSLproxy
Copyright (c) 2009-2019, Daniel Roethlisberger <[email protected]>
https://www.roe.ch/SSLsplit
Build info: V:DIR N:56b3680
Features: -DDEBUG_PROXY -DHAVE_NETFILTER -DWITHOUT_USERAUTH
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT IP6T_SO_ORIGINAL_DST
Local process info support: no
compiled against OpenSSL 1.1.1n  15 Mar 2022 (101010ef)
rtlinked against OpenSSL 1.1.1n  15 Mar 2022 (101010ef)
OpenSSL has support for TLS extensions
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
OpenSSL has engine support
Using SSL_MODE_RELEASE_BUFFERS
SSL/TLS protocol availability: tls10 tls11 tls12 tls13
SSL/TLS algorithm availability: !SHA0 RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.1.12-stable
rtlinked against libevent 2.1.12-stable
compiled against libnet 1.1.6
rtlinked against libnet 1.1.6
compiled against libpcap n/a
rtlinked against libpcap 1.10.0 (with TPACKET_V3)
2 CPU cores detected
Generated 2048 bit RSA key for leaf certs.
Global conn opts: negotiate>=tls10<=tls13|passthrough|ALL:!RC4|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|verify_peer|allow_wrong_host|validate_proto|8192
proxyspecs:
- listen=[0.0.0.0]:3129 ssl|http netfilter
opts= conn opts: negotiate>=tls10<=tls13|passthrough|ALL:!RC4|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|verify_peer|allow_wrong_host|validate_proto|8192
split
macro $repositories = *.debian.org, packages.gitlab.com, ftp.de.debian.org, d20rj4el6vkp4c.cloudfront.net
filter rule 0: dstip=, dstport=, srcip=, exact=||, all=conns|sites|, action=|||block|, log=connect|master|cert|content|pcap|mirror, precedence=2, line=323
filter rule 1: dstip=, dstport=, srcip=10.10.10., exact=||, all=|sites|, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3, line=324
filter rule 2: dstip=, dstport=, srcip=10.1.20.4, exact=||ip, all=|sites|, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3, line=325
filter rule 3: dstip=, dstport=, srcip=10.1.10.103, exact=||ip, all=|sites|, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3, line=326
filter rule 4: host=*.debian.org, dstport=, srcip=, exact=site||, all=conns||, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2, line=327
filter rule 5: host=packages.gitlab.com, dstport=, srcip=, exact=site||, all=conns||, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2, line=327
filter rule 6: host=ftp.de.debian.org, dstport=, srcip=, exact=site||, all=conns||, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2, line=327
filter rule 7: host=d20rj4el6vkp4c.cloudfront.net, dstport=, srcip=, exact=site||, all=conns||, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2, line=327
filter=>
ip_filter_exact->
  ip 0 10.1.10.103 (exact)=
    ip all:
      0:  (all_sites, substring, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3, line=326)
  ip 1 10.1.20.4 (exact)=
    ip all:
      0:  (all_sites, substring, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3, line=325)
ip_filter_substring->
  ip 0 10.10.10. (substring)=
    ip all:
      0:  (all_sites, substring, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3, line=324)
filter_all->
    ip all:
      0:  (all_sites, substring, action=|||block|, log=connect|master|cert|content|pcap|mirror, precedence=2, line=323)
    host exact:
      0: *.debian.org (exact, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2, line=327)
      1: d20rj4el6vkp4c.cloudfront.net (exact, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2, line=327)
      2: ftp.de.debian.org (exact, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2, line=327)
      3: packages.gitlab.com (exact, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2, line=327)

- listen=[0.0.0.0]:3128 tcp|http netfilter
opts= conn opts: negotiate>=tls10<=tls13|passthrough|ALL:!RC4|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|verify_peer|allow_wrong_host|validate_proto|8192
split
macro $repositories = *.debian.org, packages.gitlab.com, ftp.de.debian.org, d20rj4el6vkp4c.cloudfront.net
filter rule 0: dstip=, dstport=, srcip=, exact=||, all=conns|sites|, action=|||block|, log=connect|master|cert|content|pcap|mirror, precedence=2, line=323
filter rule 1: dstip=, dstport=, srcip=10.10.10., exact=||, all=|sites|, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3, line=324
filter rule 2: dstip=, dstport=, srcip=10.1.20.4, exact=||ip, all=|sites|, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3, line=325
filter rule 3: dstip=, dstport=, srcip=10.1.10.103, exact=||ip, all=|sites|, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3, line=326
filter rule 4: host=*.debian.org, dstport=, srcip=, exact=site||, all=conns||, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2, line=327
filter rule 5: host=packages.gitlab.com, dstport=, srcip=, exact=site||, all=conns||, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2, line=327
filter rule 6: host=ftp.de.debian.org, dstport=, srcip=, exact=site||, all=conns||, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2, line=327
filter rule 7: host=d20rj4el6vkp4c.cloudfront.net, dstport=, srcip=, exact=site||, all=conns||, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2, line=327
filter=>
ip_filter_exact->
  ip 0 10.1.10.103 (exact)=
    ip all:
      0:  (all_sites, substring, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3, line=326)
  ip 1 10.1.20.4 (exact)=
    ip all:
      0:  (all_sites, substring, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3, line=325)
ip_filter_substring->
  ip 0 10.10.10. (substring)=
    ip all:
      0:  (all_sites, substring, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3, line=324)
filter_all->
    ip all:
      0:  (all_sites, substring, action=|||block|, log=connect|master|cert|content|pcap|mirror, precedence=2, line=323)
    host exact:
      0: *.debian.org (exact, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2, line=327)
      1: d20rj4el6vkp4c.cloudfront.net (exact, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2, line=327)
      2: ftp.de.debian.org (exact, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2, line=327)
      3: packages.gitlab.com (exact, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2, line=327)

Loaded Global CA: '/C=cenzored/ST=cenzored/L=cenzored/O=cenzored/emailAddress=cenzored/CN=cenzored'
Loaded ProxySpec CA: '/C=cenzored/ST=cenzored/L=cenzored/O=cenzored/emailAddress=cenzored/CN=cenzored'
Loaded ProxySpec CA: '/C=cenzored/ST=cenzored/L=cenzored/O=cenzored/emailAddress=cenzored/CN=cenzored'
SSL/TLS leaf certificates taken from:
- Global generated on the fly
Privsep fastpath disabled
Created self-pipe [r=8,w=9]
Created chld-pipe [r=10,w=11]
Created socketpair 0 [p=12,c=13]
Created socketpair 1 [p=14,c=15]
Created socketpair 2 [p=16,c=17]
Created socketpair 3 [p=18,c=19]
Created socketpair 4 [p=20,c=21]
Created socketpair 5 [p=22,c=23]
Privsep parent pid 74550
Privsep child pid 74551
Using libevent backend 'epoll'
Event base supports: edge yes, O(1) yes, anyfd no
[FINEST] proxy_listener_setup: ENTER
Received privsep req type 03 sz 9 on srvsock 12
[FINEST] proxy_listener_setup: ENTER
Received privsep req type 03 sz 9 on srvsock 12
Received privsep req type 00 sz 1 on srvsock 12
Dropped privs to user proxy group proxy chroot -
Received privsep req type 00 sz 1 on srvsock 14
Received privsep req type 00 sz 1 on srvsock 22
Inserted events:
  0x55e922c94498 [fd  8] Read Persist Internal
  0x55e922c94670 [fd  10] Read Persist Internal
  0x55e922c92858 [fd  11] Read Persist
  0x55e922c93a48 [fd  12] Read Persist
  0x55e922c8d020 [sig 1] Signal Persist
  0x55e922c5af90 [sig 2] Signal Persist
  0x55e922c88f40 [sig 3] Signal Persist
  0x55e922c8d180 [sig 10] Signal Persist
  0x55e922c8d3f0 [sig 13] Signal Persist
  0x55e922c8f0a0 [sig 15] Signal Persist
  0x55e922c84290 [fd  -1] Persist Timeout=1656341351.967713
Active events:
Initialized 4 connection handling threads
Started 4 connection handling threads
Starting main event loop.
[FINEST] proxy_listener_acceptcb: ENTER, fd=32
[FINEST] proxy_conn_ctx_new: ENTER, fd=32
[FINEST] [0.0 fd=32 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.0 fd=32 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.0 fd=32 cfd=0] protossl_init_conn: ENTER
[FINEST] [0.0 fd=32 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.0 fd=32 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.0 fd=32 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=34, reserve=10
[FINEST] [0.0 fd=32 cfd=0] pxy_conn_init: srcaddr= [10.1.40.3]:50230
[FINEST] [0.0 fd=32 cfd=0] protossl_fd_readcb: ENTER
SNI peek: [api.bing.com] [complete], fd=32
[FINEST] [0.0 fd=32 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.0 fd=32 cfd=0] pxy_conn_filter: Searching ip exact: 10.1.40.3
[FINEST] [0.0 fd=32 cfd=0] pxy_conn_filter: Searching ip substring: 10.1.40.3
[FINEST] [0.0 fd=32 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.0 fd=32 cfd=0] pxy_conn_filter_match_ip: Found site (line=323):  for 10.1.40.3:50230, 13.107.5.80:443
[FINEST] [0.0 fd=32 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=323): , 13.107.5.80
[FINEST] [0.0 fd=32 cfd=0] pxy_conn_filter_port: No filter match with port: 10.1.40.3:50230, 13.107.5.80:443
[FINE] [0.0 fd=32 cfd=0] pxy_conn_set_filter_action: Filter block action for 13.107.5.80, precedence 2 (line=323)
[FINE] [0.0 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable connect log for 13.107.5.80, precedence 2 (line=323)
[FINE] [0.0 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable master log for 13.107.5.80, precedence 2 (line=323)
[FINE] [0.0 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable cert log for 13.107.5.80, precedence 2 (line=323)
[FINE] [0.0 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable content log for 13.107.5.80, precedence 2 (line=323)
[FINE] [0.0 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 13.107.5.80, precedence 2 (line=323)
[FINE] [0.0 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable mirror log for 13.107.5.80, precedence 2 (line=323)
[FINE] [0.0 fd=32 cfd=0] pxy_conn_apply_filter: Deferring block action
Connecting to [13.107.5.80]:443
[FINEST] [0.0 fd=32 cfd=0] protossl_conn_connect: ENTER
[FINEST] [0.0 fd=32 cfd=0] protossl_bufferevent_setup: ENTER, fd=-1
[FINEST] [0.0 fd=32 cfd=0] protossl_bufferevent_setup: bufferevent_openssl_set_allow_dirty_shutdown, fd=-1
[FINEST] [0.0 fd=32 cfd=0] protossl_bev_eventcb_connected_srvdst: ENTER
[FINEST] [0.0 fd=32 cfd=0] pxy_conn_filter: Searching ip exact: 10.1.40.3
[FINEST] [0.0 fd=32 cfd=0] pxy_conn_filter: Searching ip substring: 10.1.40.3
[FINEST] [0.0 fd=32 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.0 fd=32 cfd=0] pxy_conn_filter_match_ip: Found site (line=323):  for 10.1.40.3:50230, 13.107.5.80:443
[FINEST] [0.0 fd=32 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=323): , 13.107.5.80
[FINEST] [0.0 fd=32 cfd=0] pxy_conn_filter_port: No filter match with port: 10.1.40.3:50230, 13.107.5.80:443
[FINE] [0.0 fd=32 cfd=0] pxy_conn_set_filter_action: Filter block action for 13.107.5.80, precedence 2 (line=323)
[FINE] [0.0 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable connect log for 13.107.5.80, precedence 2 (line=323)
[FINE] [0.0 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable master log for 13.107.5.80, precedence 2 (line=323)
[FINE] [0.0 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable cert log for 13.107.5.80, precedence 2 (line=323)
[FINE] [0.0 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable content log for 13.107.5.80, precedence 2 (line=323)
[FINE] [0.0 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 13.107.5.80, precedence 2 (line=323)
[FINE] [0.0 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable mirror log for 13.107.5.80, precedence 2 (line=323)
[FINE] [0.0 fd=32 cfd=0] pxy_conn_apply_filter: Deferring block action
===> Original server certificate:
Subject DN: /CN=www.bing.com
Common Names: www.bing.com/www.bing.com/dict.bing.com.cn/*.platform.bing.com/*.bing.com/bing.com/ieonline.microsoft.com/*.windowssearch.com/cn.ieonline.microsoft.com/*.origin.bing.com/*.mm.bing.net/*.api.bing.com/ecn.dev.virtualearth.net/*.cn.bing.net/*.cn.bing.com/ssl-api.bing.com/ssl-api.bing.net/*.api.bing.net/*.bingapis.com/bingsandbox.com/feedback.microsoft.com/insertmedia.bing.office.net/r.bat.bing.com/*.r.bat.bing.com/*.dict.bing.com.cn/*.dict.bing.com/*.ssl.bing.com/*.appex.bing.com/*.platform.cn.bing.com/wp.m.bing.com/*.m.bing.com/global.bing.com/windowssearch.com/search.msn.com/*.bingsandbox.com/*.api.tiles.ditu.live.com/*.ditu.live.com/*.t0.tiles.ditu.live.com/*.t1.tiles.ditu.live.com/*.t2.tiles.ditu.live.com/*.t3.tiles.ditu.live.com/*.tiles.ditu.live.com/3d.live.com/api.search.live.com/beta.search.live.com/cnweb.search.live.com/dev.live.com/ditu.live.com/farecast.live.com/image.live.com/images.live.com/local.live.com.au/localsearch.live.com/ls4d.search.live.com/mail.live.com/mapindia.live.com/local.live.com/maps.live.com/maps.live.com.au/mindia.live.com/news.live.com/origin.cnweb.search.live.com/preview.local.live.com/search.live.com/test.maps.live.com/video.live.com/videos.live.com/virtualearth.live.com/wap.live.com/webmaster.live.com/webmasters.live.com/www.local.live.com.au/www.maps.live.com.au
Fingerprint: EB:39:0A:AB:CF:92:D2:3C:DE:A1CD:8A:8A:99:95:9D:76:38:39:BF
Certificate cache: MISS
===> Forged server certificate:
Subject DN: /CN=www.bing.com
Common Names: www.bing.com/www.bing.com/dict.bing.com.cn/*.platform.bing.com/*.bing.com/bing.com/ieonline.microsoft.com/*.windowssearch.com/cn.ieonline.microsoft.com/*.origin.bing.com/*.mm.bing.net/*.api.bing.com/ecn.dev.virtualearth.net/*.cn.bing.net/*.cn.bing.com/ssl-api.bing.com/ssl-api.bing.net/*.api.bing.net/*.bingapis.com/bingsandbox.com/feedback.microsoft.com/insertmedia.bing.office.net/r.bat.bing.com/*.r.bat.bing.com/*.dict.bing.com.cn/*.dict.bing.com/*.ssl.bing.com/*.appex.bing.com/*.platform.cn.bing.com/wp.m.bing.com/*.m.bing.com/global.bing.com/windowssearch.com/search.msn.com/*.bingsandbox.com/*.api.tiles.ditu.live.com/*.ditu.live.com/*.t0.tiles.ditu.live.com/*.t1.tiles.ditu.live.com/*.t2.tiles.ditu.live.com/*.t3.tiles.ditu.live.com/*.tiles.ditu.live.com/3d.live.com/api.search.live.com/beta.search.live.com/cnweb.search.live.com/dev.live.com/ditu.live.com/farecast.live.com/image.live.com/images.live.com/local.live.com.au/localsearch.live.com/ls4d.search.live.com/mail.live.com/mapindia.live.com/local.live.com/maps.live.com/maps.live.com.au/mindia.live.com/news.live.com/origin.cnweb.search.live.com/preview.local.live.com/search.live.com/test.maps.live.com/video.live.com/videos.live.com/virtualearth.live.com/wap.live.com/webmaster.live.com/webmasters.live.com/www.local.live.com.au/www.maps.live.com.au
Fingerprint: 42:93:C0:F1:C7:AE:44:21:B0:E0D5:7F:EA:DB:63:12:7E:AE:30:8C
[FINEST] [0.0 fd=32 cfd=0] pxy_conn_filter: Searching ip exact: 10.1.40.3
[FINEST] [0.0 fd=32 cfd=0] pxy_conn_filter: Searching ip substring: 10.1.40.3
[FINEST] [0.0 fd=32 cfd=0] pxy_conn_filter: Searching all
[FINEST] [0.0 fd=32 cfd=0] protossl_filter: No filter match with sni: 10.1.40.3:50230, 13.107.5.80:443, api.bing.com, www.bing.com/www.bing.com/dict.bing.com.cn/*.platform.bing.com/*.bing.com/bing.com/ieonline.microsoft.com/*.windowssearch.com/cn.ieonline.microsoft.com/*.origin.bing.com/*.mm.bing.net/*.api.bing.com/ecn.dev.virtualearth.net/*.cn.bing.net/*.cn.bing.com/ssl-api.bing.com/ssl-api.bing.net/*.api.bing.net/*.bingapis.com/bingsandbox.com/feedback.microsoft.com/insertmedia.bing.office.net/r.bat.bing.com/*.r.bat.bing.com/*.dict.bing.com.cn/*.dict.bing.com/*.ssl.bing.com/*.appex.bing.com/*.platform.cn.bing.com/wp.m.bing.com/*.m.bing.com/global.bing.com/windowssearch.com/search.msn.com/*.bingsandbox.com/*.api.tiles.ditu.live.com/*.ditu.live.com/*.t0.tiles.ditu.live.com/*.t1.tiles.ditu.live.com/*.t2.tiles.ditu.live.com/*.t3.tiles.ditu.live.com/*.tiles.ditu.live.com/3d.live.com/api.search.live.com/beta.search.live.com/cnweb.search.live.com/dev.live.com/ditu.live.com/farecast.live.com/image.live.com/images.live.com/local.live.com.au/localsearch.live.com/ls4d.search.live.com/mail.live.com/mapindia.live.com/local.live.com/maps.live.com/maps.live.com.au/mindia.live.com/news.live.com/origin.cnweb.search.live.com/preview.local.live.com/search.live.com/test.maps.live.com/video.live.com/videos.live.com/virtualearth.live.com/wap.live.com/webmaster.live.com/webmasters.live.com/www.local.live.com.au/www.maps.live.com.au
[FINEST] [0.0 fd=32 cfd=0] protossl_filter: No filter match with common names: 10.1.40.3:50230, 13.107.5.80:443, api.bing.com, www.bing.com/www.bing.com/dict.bing.com.cn/*.platform.bing.com/*.bing.com/bing.com/ieonline.microsoft.com/*.windowssearch.com/cn.ieonline.microsoft.com/*.origin.bing.com/*.mm.bing.net/*.api.bing.com/ecn.dev.virtualearth.net/*.cn.bing.net/*.cn.bing.com/ssl-api.bing.com/ssl-api.bing.net/*.api.bing.net/*.bingapis.com/bingsandbox.com/feedback.microsoft.com/insertmedia.bing.office.net/r.bat.bing.com/*.r.bat.bing.com/*.dict.bing.com.cn/*.dict.bing.com/*.ssl.bing.com/*.appex.bing.com/*.platform.cn.bing.com/wp.m.bing.com/*.m.bing.com/global.bing.com/windowssearch.com/search.msn.com/*.bingsandbox.com/*.api.tiles.ditu.live.com/*.ditu.live.com/*.t0.tiles.ditu.live.com/*.t1.tiles.ditu.live.com/*.t2.tiles.ditu.live.com/*.t3.tiles.ditu.live.com/*.tiles.ditu.live.com/3d.live.com/api.search.live.com/beta.search.live.com/cnweb.search.live.com/dev.live.com/ditu.live.com/farecast.live.com/image.live.com/images.live.com/local.live.com.au/localsearch.live.com/ls4d.search.live.com/mail.live.com/mapindia.live.com/local.live.com/maps.live.com/maps.live.com.au/mindia.live.com/news.live.com/origin.cnweb.search.live.com/preview.local.live.com/search.live.com/test.maps.live.com/video.live.com/videos.live.com/virtualearth.live.com/wap.live.com/webmaster.live.com/webmasters.live.com/www.local.live.com.au/www.maps.live.com.au
[FINEST] [0.0 fd=32 cfd=0] prototcp_disable_srvdst: ENTER
[FINEST] [0.0 fd=32 cfd=0] protossl_bev_eventcb_connected_dst: ENTER
[FINEST] [0.0 fd=32 cfd=0] protossl_bufferevent_setup: ENTER, fd=32
[FINEST] [0.0 fd=32 cfd=0] protossl_bufferevent_setup: bufferevent_openssl_set_allow_dirty_shutdown, fd=32
[FINER] [0.0 fd=32 cfd=0] protossl_enable_src: Enabling src
SSL session cache: MISS
Certificate cache: KEEP (SNI match or target mode)
[FINEST] [0.0 fd=32 cfd=0] prototcp_bev_eventcb_connected_src: ENTER
HTTPS connected to [13.107.5.80]:443 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
CLIENT_RANDOM 62B9C2A9D0AD8100729C81B35892178E180687FDAF6F733C128E533CC98A070A 41E3466551BC662A09BDD4A6DAF829EF1EF7E710200E3F720072B9CE22AD0FFEB2CA93BE4B35B0C55B046539ACAAEBBF
[FINEST] [0.0 fd=32 cfd=0] protohttp_bev_readcb_src: ENTER, size=248
[FINEST] [0.0 fd=32 cfd=0] protohttp_bev_readcb_src: HTTP Request Header, size=248
[FINEST] [0.0 fd=32 cfd=0] protohttp_filter_request_header: GET /qsml.aspx HTTP/1.1
[FINEST] [0.0 fd=32 cfd=0] protohttp_filter_request_header: Accept: */*
[FINEST] [0.0 fd=32 cfd=0] protohttp_filter_request_header: Accept-Language: pl-PL
[FINEST] [0.0 fd=32 cfd=0] protohttp_filter_request_header: User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
[FINEST] [0.0 fd=32 cfd=0] protohttp_filter_request_header: Accept-Encoding: gzip, deflate
[FINEST] [0.0 fd=32 cfd=0] protohttp_filter_request_header: Host: api.bing.com
[FINEST] [0.0 fd=32 cfd=0] protohttp_filter_request_header: Connection: Keep-Alive
[FINER] [0.0 fd=32 cfd=0] protohttp_filter_request_header: REPLACE= Connection: close
[FINEST] [0.0 fd=32 cfd=0] protohttp_filter_request_header: Cache-Control: no-cache
[FINEST] [0.0 fd=32 cfd=0] protohttp_filter_request_header:
[FINEST] [0.0 fd=32 cfd=0] pxy_conn_filter: Searching ip exact: 10.1.40.3
[FINEST] [0.0 fd=32 cfd=0] pxy_conn_filter: Searching ip substring: 10.1.40.3
[FINEST] [0.0 fd=32 cfd=0] pxy_conn_filter: Searching all
[FINEST] [0.0 fd=32 cfd=0] protohttp_filter: No filter match with host: 10.1.40.3:50230, 13.107.5.80:443, api.bing.com, /qsml.aspx
[FINEST] [0.0 fd=32 cfd=0] protohttp_filter: No filter match with uri: 10.1.40.3:50230, 13.107.5.80:443, api.bing.com, /qsml.aspx
[FINE] [0.0 fd=32 cfd=0] pxy_conn_apply_deferred_block_action: Applying deferred block action
[FINEST] [0.0 fd=32 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.0 fd=32 cfd=0] pxy_conn_free: ENTER
[FINER] [0.0 fd=32 cfd=0] protossl_bufferevent_free_and_close_fd: in=0, out=0, fd=32
SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [accept socket]
[FINER] [0.0 fd=32 cfd=0] protossl_bufferevent_free_and_close_fd: fd=32, SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [accept socket]
[FINER] [0.0 fd=32 cfd=0] protossl_bufferevent_free_and_close_fd: in=0, out=243, fd=33
SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [connect socket]
[FINER] [0.0 fd=32 cfd=0] protossl_bufferevent_free_and_close_fd: fd=33, SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [connect socket]
[FINEST] [0.0 fd=32 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.0 fd=32 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.0 fd=32 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.0 fd=32 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=32
[FINEST] proxy_conn_ctx_new: ENTER, fd=32
[FINEST] [0.1 fd=32 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.1 fd=32 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.1 fd=32 cfd=0] protossl_init_conn: ENTER
[FINEST] [0.1 fd=32 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.1 fd=32 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.1 fd=32 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=34, reserve=10
[FINEST] [0.1 fd=32 cfd=0] pxy_conn_init: srcaddr= [10.1.40.3]:50231
[FINEST] [0.1 fd=32 cfd=0] protossl_fd_readcb: ENTER
SNI peek: [api.bing.com] [complete], fd=32
[FINEST] [0.1 fd=32 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.1 fd=32 cfd=0] pxy_conn_filter: Searching ip exact: 10.1.40.3
[FINEST] [0.1 fd=32 cfd=0] pxy_conn_filter: Searching ip substring: 10.1.40.3
[FINEST] [0.1 fd=32 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.1 fd=32 cfd=0] pxy_conn_filter_match_ip: Found site (line=323):  for 10.1.40.3:50231, 13.107.5.80:443
[FINEST] [0.1 fd=32 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=323): , 13.107.5.80
[FINEST] [0.1 fd=32 cfd=0] pxy_conn_filter_port: No filter match with port: 10.1.40.3:50231, 13.107.5.80:443
[FINE] [0.1 fd=32 cfd=0] pxy_conn_set_filter_action: Filter block action for 13.107.5.80, precedence 2 (line=323)
[FINE] [0.1 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable connect log for 13.107.5.80, precedence 2 (line=323)
[FINE] [0.1 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable master log for 13.107.5.80, precedence 2 (line=323)
[FINE] [0.1 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable cert log for 13.107.5.80, precedence 2 (line=323)
[FINE] [0.1 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable content log for 13.107.5.80, precedence 2 (line=323)
[FINE] [0.1 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 13.107.5.80, precedence 2 (line=323)
[FINE] [0.1 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable mirror log for 13.107.5.80, precedence 2 (line=323)
[FINE] [0.1 fd=32 cfd=0] pxy_conn_apply_filter: Deferring block action
Connecting to [13.107.5.80]:443
[FINEST] [0.1 fd=32 cfd=0] protossl_conn_connect: ENTER
Attempt reuse dst SSL session
[FINEST] [0.1 fd=32 cfd=0] protossl_bufferevent_setup: ENTER, fd=-1
[FINEST] [0.1 fd=32 cfd=0] protossl_bufferevent_setup: bufferevent_openssl_set_allow_dirty_shutdown, fd=-1
[FINEST] [0.1 fd=32 cfd=0] protossl_bev_eventcb_connected_srvdst: ENTER
[FINEST] [0.1 fd=32 cfd=0] pxy_conn_filter: Searching ip exact: 10.1.40.3
[FINEST] [0.1 fd=32 cfd=0] pxy_conn_filter: Searching ip substring: 10.1.40.3
[FINEST] [0.1 fd=32 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.1 fd=32 cfd=0] pxy_conn_filter_match_ip: Found site (line=323):  for 10.1.40.3:50231, 13.107.5.80:443
[FINEST] [0.1 fd=32 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=323): , 13.107.5.80
[FINEST] [0.1 fd=32 cfd=0] pxy_conn_filter_port: No filter match with port: 10.1.40.3:50231, 13.107.5.80:443
[FINE] [0.1 fd=32 cfd=0] pxy_conn_set_filter_action: Filter block action for 13.107.5.80, precedence 2 (line=323)
[FINE] [0.1 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable connect log for 13.107.5.80, precedence 2 (line=323)
[FINE] [0.1 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable master log for 13.107.5.80, precedence 2 (line=323)
[FINE] [0.1 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable cert log for 13.107.5.80, precedence 2 (line=323)
[FINE] [0.1 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable content log for 13.107.5.80, precedence 2 (line=323)
[FINE] [0.1 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 13.107.5.80, precedence 2 (line=323)
[FINE] [0.1 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable mirror log for 13.107.5.80, precedence 2 (line=323)
[FINE] [0.1 fd=32 cfd=0] pxy_conn_apply_filter: Deferring block action
===> Original server certificate:
Subject DN: /CN=www.bing.com
Common Names: www.bing.com/www.bing.com/dict.bing.com.cn/*.platform.bing.com/*.bing.com/bing.com/ieonline.microsoft.com/*.windowssearch.com/cn.ieonline.microsoft.com/*.origin.bing.com/*.mm.bing.net/*.api.bing.com/ecn.dev.virtualearth.net/*.cn.bing.net/*.cn.bing.com/ssl-api.bing.com/ssl-api.bing.net/*.api.bing.net/*.bingapis.com/bingsandbox.com/feedback.microsoft.com/insertmedia.bing.office.net/r.bat.bing.com/*.r.bat.bing.com/*.dict.bing.com.cn/*.dict.bing.com/*.ssl.bing.com/*.appex.bing.com/*.platform.cn.bing.com/wp.m.bing.com/*.m.bing.com/global.bing.com/windowssearch.com/search.msn.com/*.bingsandbox.com/*.api.tiles.ditu.live.com/*.ditu.live.com/*.t0.tiles.ditu.live.com/*.t1.tiles.ditu.live.com/*.t2.tiles.ditu.live.com/*.t3.tiles.ditu.live.com/*.tiles.ditu.live.com/3d.live.com/api.search.live.com/beta.search.live.com/cnweb.search.live.com/dev.live.com/ditu.live.com/farecast.live.com/image.live.com/images.live.com/local.live.com.au/localsearch.live.com/ls4d.search.live.com/mail.live.com/mapindia.live.com/local.live.com/maps.live.com/maps.live.com.au/mindia.live.com/news.live.com/origin.cnweb.search.live.com/preview.local.live.com/search.live.com/test.maps.live.com/video.live.com/videos.live.com/virtualearth.live.com/wap.live.com/webmaster.live.com/webmasters.live.com/www.local.live.com.au/www.maps.live.com.au
Fingerprint: EB:39:0A:AB:CF:92:D2:3C:DE:A1CD:8A:8A:99:95:9D:76:38:39:BF
Certificate cache: HIT
===> Forged server certificate:
Subject DN: /CN=www.bing.com
Common Names: www.bing.com/www.bing.com/dict.bing.com.cn/*.platform.bing.com/*.bing.com/bing.com/ieonline.microsoft.com/*.windowssearch.com/cn.ieonline.microsoft.com/*.origin.bing.com/*.mm.bing.net/*.api.bing.com/ecn.dev.virtualearth.net/*.cn.bing.net/*.cn.bing.com/ssl-api.bing.com/ssl-api.bing.net/*.api.bing.net/*.bingapis.com/bingsandbox.com/feedback.microsoft.com/insertmedia.bing.office.net/r.bat.bing.com/*.r.bat.bing.com/*.dict.bing.com.cn/*.dict.bing.com/*.ssl.bing.com/*.appex.bing.com/*.platform.cn.bing.com/wp.m.bing.com/*.m.bing.com/global.bing.com/windowssearch.com/search.msn.com/*.bingsandbox.com/*.api.tiles.ditu.live.com/*.ditu.live.com/*.t0.tiles.ditu.live.com/*.t1.tiles.ditu.live.com/*.t2.tiles.ditu.live.com/*.t3.tiles.ditu.live.com/*.tiles.ditu.live.com/3d.live.com/api.search.live.com/beta.search.live.com/cnweb.search.live.com/dev.live.com/ditu.live.com/farecast.live.com/image.live.com/images.live.com/local.live.com.au/localsearch.live.com/ls4d.search.live.com/mail.live.com/mapindia.live.com/local.live.com/maps.live.com/maps.live.com.au/mindia.live.com/news.live.com/origin.cnweb.search.live.com/preview.local.live.com/search.live.com/test.maps.live.com/video.live.com/videos.live.com/virtualearth.live.com/wap.live.com/webmaster.live.com/webmasters.live.com/www.local.live.com.au/www.maps.live.com.au
Fingerprint: 42:93:C0:F1:C7:AE:44:21:B0:E0D5:7F:EA:DB:63:12:7E:AE:30:8C
[FINEST] [0.1 fd=32 cfd=0] pxy_conn_filter: Searching ip exact: 10.1.40.3
[FINEST] [0.1 fd=32 cfd=0] pxy_conn_filter: Searching ip substring: 10.1.40.3
[FINEST] [0.1 fd=32 cfd=0] pxy_conn_filter: Searching all
[FINEST] [0.1 fd=32 cfd=0] protossl_filter: No filter match with sni: 10.1.40.3:50231, 13.107.5.80:443, api.bing.com, www.bing.com/www.bing.com/dict.bing.com.cn/*.platform.bing.com/*.bing.com/bing.com/ieonline.microsoft.com/*.windowssearch.com/cn.ieonline.microsoft.com/*.origin.bing.com/*.mm.bing.net/*.api.bing.com/ecn.dev.virtualearth.net/*.cn.bing.net/*.cn.bing.com/ssl-api.bing.com/ssl-api.bing.net/*.api.bing.net/*.bingapis.com/bingsandbox.com/feedback.microsoft.com/insertmedia.bing.office.net/r.bat.bing.com/*.r.bat.bing.com/*.dict.bing.com.cn/*.dict.bing.com/*.ssl.bing.com/*.appex.bing.com/*.platform.cn.bing.com/wp.m.bing.com/*.m.bing.com/global.bing.com/windowssearch.com/search.msn.com/*.bingsandbox.com/*.api.tiles.ditu.live.com/*.ditu.live.com/*.t0.tiles.ditu.live.com/*.t1.tiles.ditu.live.com/*.t2.tiles.ditu.live.com/*.t3.tiles.ditu.live.com/*.tiles.ditu.live.com/3d.live.com/api.search.live.com/beta.search.live.com/cnweb.search.live.com/dev.live.com/ditu.live.com/farecast.live.com/image.live.com/images.live.com/local.live.com.au/localsearch.live.com/ls4d.search.live.com/mail.live.com/mapindia.live.com/local.live.com/maps.live.com/maps.live.com.au/mindia.live.com/news.live.com/origin.cnweb.search.live.com/preview.local.live.com/search.live.com/test.maps.live.com/video.live.com/videos.live.com/virtualearth.live.com/wap.live.com/webmaster.live.com/webmasters.live.com/www.local.live.com.au/www.maps.live.com.au
[FINEST] [0.1 fd=32 cfd=0] protossl_filter: No filter match with common names: 10.1.40.3:50231, 13.107.5.80:443, api.bing.com, www.bing.com/www.bing.com/dict.bing.com.cn/*.platform.bing.com/*.bing.com/bing.com/ieonline.microsoft.com/*.windowssearch.com/cn.ieonline.microsoft.com/*.origin.bing.com/*.mm.bing.net/*.api.bing.com/ecn.dev.virtualearth.net/*.cn.bing.net/*.cn.bing.com/ssl-api.bing.com/ssl-api.bing.net/*.api.bing.net/*.bingapis.com/bingsandbox.com/feedback.microsoft.com/insertmedia.bing.office.net/r.bat.bing.com/*.r.bat.bing.com/*.dict.bing.com.cn/*.dict.bing.com/*.ssl.bing.com/*.appex.bing.com/*.platform.cn.bing.com/wp.m.bing.com/*.m.bing.com/global.bing.com/windowssearch.com/search.msn.com/*.bingsandbox.com/*.api.tiles.ditu.live.com/*.ditu.live.com/*.t0.tiles.ditu.live.com/*.t1.tiles.ditu.live.com/*.t2.tiles.ditu.live.com/*.t3.tiles.ditu.live.com/*.tiles.ditu.live.com/3d.live.com/api.search.live.com/beta.search.live.com/cnweb.search.live.com/dev.live.com/ditu.live.com/farecast.live.com/image.live.com/images.live.com/local.live.com.au/localsearch.live.com/ls4d.search.live.com/mail.live.com/mapindia.live.com/local.live.com/maps.live.com/maps.live.com.au/mindia.live.com/news.live.com/origin.cnweb.search.live.com/preview.local.live.com/search.live.com/test.maps.live.com/video.live.com/videos.live.com/virtualearth.live.com/wap.live.com/webmaster.live.com/webmasters.live.com/www.local.live.com.au/www.maps.live.com.au
[FINEST] [0.1 fd=32 cfd=0] prototcp_disable_srvdst: ENTER
[FINEST] [0.1 fd=32 cfd=0] protossl_bev_eventcb_connected_dst: ENTER
[FINEST] [0.1 fd=32 cfd=0] protossl_bufferevent_setup: ENTER, fd=32
[FINEST] [0.1 fd=32 cfd=0] protossl_bufferevent_setup: bufferevent_openssl_set_allow_dirty_shutdown, fd=32
[FINER] [0.1 fd=32 cfd=0] protossl_enable_src: Enabling src
SSL session cache: HIT
Certificate cache: KEEP (SNI match or target mode)
[FINEST] [0.1 fd=32 cfd=0] prototcp_bev_eventcb_connected_src: ENTER
HTTPS connected to [13.107.5.80]:443 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
CLIENT_RANDOM 62B9C2A9D359EED71B61CD9E03E26869E0035B2A85683AB8C6BFF4D8D8484E8A 41E3466551BC662A09BDD4A6DAF829EF1EF7E710200E3F720072B9CE22AD0FFEB2CA93BE4B35B0C55B046539ACAAEBBF
[FINEST] [0.1 fd=32 cfd=0] protohttp_bev_readcb_src: ENTER, size=248
[FINEST] [0.1 fd=32 cfd=0] protohttp_bev_readcb_src: HTTP Request Header, size=248
[FINEST] [0.1 fd=32 cfd=0] protohttp_filter_request_header: GET /qsml.aspx HTTP/1.1
[FINEST] [0.1 fd=32 cfd=0] protohttp_filter_request_header: Accept: */*
[FINEST] [0.1 fd=32 cfd=0] protohttp_filter_request_header: Accept-Language: pl-PL
[FINEST] [0.1 fd=32 cfd=0] protohttp_filter_request_header: User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
[FINEST] [0.1 fd=32 cfd=0] protohttp_filter_request_header: Accept-Encoding: gzip, deflate
[FINEST] [0.1 fd=32 cfd=0] protohttp_filter_request_header: Host: api.bing.com
[FINEST] [0.1 fd=32 cfd=0] protohttp_filter_request_header: Connection: Keep-Alive
[FINER] [0.1 fd=32 cfd=0] protohttp_filter_request_header: REPLACE= Connection: close
[FINEST] [0.1 fd=32 cfd=0] protohttp_filter_request_header: Cache-Control: no-cache
[FINEST] [0.1 fd=32 cfd=0] protohttp_filter_request_header:
[FINEST] [0.1 fd=32 cfd=0] pxy_conn_filter: Searching ip exact: 10.1.40.3
[FINEST] [0.1 fd=32 cfd=0] pxy_conn_filter: Searching ip substring: 10.1.40.3
[FINEST] [0.1 fd=32 cfd=0] pxy_conn_filter: Searching all
[FINEST] [0.1 fd=32 cfd=0] protohttp_filter: No filter match with host: 10.1.40.3:50231, 13.107.5.80:443, api.bing.com, /qsml.aspx
[FINEST] [0.1 fd=32 cfd=0] protohttp_filter: No filter match with uri: 10.1.40.3:50231, 13.107.5.80:443, api.bing.com, /qsml.aspx
[FINE] [0.1 fd=32 cfd=0] pxy_conn_apply_deferred_block_action: Applying deferred block action
[FINEST] [0.1 fd=32 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.1 fd=32 cfd=0] pxy_conn_free: ENTER
[FINER] [0.1 fd=32 cfd=0] protossl_bufferevent_free_and_close_fd: in=0, out=0, fd=32
SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [accept socket]
[FINER] [0.1 fd=32 cfd=0] protossl_bufferevent_free_and_close_fd: fd=32, SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [accept socket]
[FINER] [0.1 fd=32 cfd=0] protossl_bufferevent_free_and_close_fd: in=0, out=243, fd=33
SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [connect socket]
[FINER] [0.1 fd=32 cfd=0] protossl_bufferevent_free_and_close_fd: fd=33, SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [connect socket]
[FINEST] [0.1 fd=32 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.1 fd=32 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.1 fd=32 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.1 fd=32 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=32
[FINEST] proxy_conn_ctx_new: ENTER, fd=32
[FINEST] [0.2 fd=32 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.2 fd=32 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.2 fd=32 cfd=0] protossl_init_conn: ENTER
[FINEST] [0.2 fd=32 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.2 fd=32 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.2 fd=32 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=34, reserve=10
[FINEST] [0.2 fd=32 cfd=0] pxy_conn_init: srcaddr= [10.1.40.3]:50232
[FINEST] [0.2 fd=32 cfd=0] protossl_fd_readcb: ENTER
SNI peek: [www.onet.pl] [complete], fd=32
[FINEST] [0.2 fd=32 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.2 fd=32 cfd=0] pxy_conn_filter: Searching ip exact: 10.1.40.3
[FINEST] [0.2 fd=32 cfd=0] pxy_conn_filter: Searching ip substring: 10.1.40.3
[FINEST] [0.2 fd=32 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.2 fd=32 cfd=0] pxy_conn_filter_match_ip: Found site (line=323):  for 10.1.40.3:50232, 54.192.231.126:443
[FINEST] [0.2 fd=32 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=323): , 54.192.231.126
[FINEST] [0.2 fd=32 cfd=0] pxy_conn_filter_port: No filter match with port: 10.1.40.3:50232, 54.192.231.126:443
[FINE] [0.2 fd=32 cfd=0] pxy_conn_set_filter_action: Filter block action for 54.192.231.126, precedence 2 (line=323)
[FINE] [0.2 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable connect log for 54.192.231.126, precedence 2 (line=323)
[FINE] [0.2 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable master log for 54.192.231.126, precedence 2 (line=323)
[FINE] [0.2 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable cert log for 54.192.231.126, precedence 2 (line=323)
[FINE] [0.2 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable content log for 54.192.231.126, precedence 2 (line=323)
[FINE] [0.2 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 54.192.231.126, precedence 2 (line=323)
[FINE] [0.2 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable mirror log for 54.192.231.126, precedence 2 (line=323)
[FINE] [0.2 fd=32 cfd=0] pxy_conn_apply_filter: Deferring block action
Connecting to [54.192.231.126]:443
[FINEST] [0.2 fd=32 cfd=0] protossl_conn_connect: ENTER
[FINEST] [0.2 fd=32 cfd=0] protossl_bufferevent_setup: ENTER, fd=-1
[FINEST] [0.2 fd=32 cfd=0] protossl_bufferevent_setup: bufferevent_openssl_set_allow_dirty_shutdown, fd=-1
[FINEST] [0.2 fd=32 cfd=0] protossl_bev_eventcb_connected_srvdst: ENTER
[FINEST] [0.2 fd=32 cfd=0] pxy_conn_filter: Searching ip exact: 10.1.40.3
[FINEST] [0.2 fd=32 cfd=0] pxy_conn_filter: Searching ip substring: 10.1.40.3
[FINEST] [0.2 fd=32 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.2 fd=32 cfd=0] pxy_conn_filter_match_ip: Found site (line=323):  for 10.1.40.3:50232, 54.192.231.126:443
[FINEST] [0.2 fd=32 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=323): , 54.192.231.126
[FINEST] [0.2 fd=32 cfd=0] pxy_conn_filter_port: No filter match with port: 10.1.40.3:50232, 54.192.231.126:443
[FINE] [0.2 fd=32 cfd=0] pxy_conn_set_filter_action: Filter block action for 54.192.231.126, precedence 2 (line=323)
[FINE] [0.2 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable connect log for 54.192.231.126, precedence 2 (line=323)
[FINE] [0.2 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable master log for 54.192.231.126, precedence 2 (line=323)
[FINE] [0.2 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable cert log for 54.192.231.126, precedence 2 (line=323)
[FINE] [0.2 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable content log for 54.192.231.126, precedence 2 (line=323)
[FINE] [0.2 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 54.192.231.126, precedence 2 (line=323)
[FINE] [0.2 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable mirror log for 54.192.231.126, precedence 2 (line=323)
[FINE] [0.2 fd=32 cfd=0] pxy_conn_apply_filter: Deferring block action
===> Original server certificate:
Subject DN: /C=PL/ST=Mazowieckie/L=Warszawa/O=Ringier Axel Springer Polska Sp z o.o./CN=*.onet.pl
Common Names: *.onet.pl/*.onet.pl/onet.pl
Fingerprint: 8D:2E:C2:32:79:53:3C:AB:D6:7856:75:7A:6C:D5:B4:1A:94:F4:B1
Certificate cache: MISS
===> Forged server certificate:
Subject DN: /C=PL/ST=Mazowieckie/L=Warszawa/O=Ringier Axel Springer Polska Sp z o.o./CN=*.onet.pl
Common Names: *.onet.pl/*.onet.pl/onet.pl
Fingerprint: D1:DD:A5:45:EA:8A:FB:F0:62:610E:26:3C:4D:1C:7B:2F:9C:61:56
[FINEST] [0.2 fd=32 cfd=0] pxy_conn_filter: Searching ip exact: 10.1.40.3
[FINEST] [0.2 fd=32 cfd=0] pxy_conn_filter: Searching ip substring: 10.1.40.3
[FINEST] [0.2 fd=32 cfd=0] pxy_conn_filter: Searching all
[FINEST] [0.2 fd=32 cfd=0] protossl_filter: No filter match with sni: 10.1.40.3:50232, 54.192.231.126:443, www.onet.pl, *.onet.pl/*.onet.pl/onet.pl
[FINEST] [0.2 fd=32 cfd=0] protossl_filter: No filter match with common names: 10.1.40.3:50232, 54.192.231.126:443, www.onet.pl, *.onet.pl/*.onet.pl/onet.pl
[FINEST] [0.2 fd=32 cfd=0] prototcp_disable_srvdst: ENTER
[FINEST] [0.2 fd=32 cfd=0] protossl_bev_eventcb_connected_dst: ENTER
[FINEST] [0.2 fd=32 cfd=0] protossl_bufferevent_setup: ENTER, fd=32
[FINEST] [0.2 fd=32 cfd=0] protossl_bufferevent_setup: bufferevent_openssl_set_allow_dirty_shutdown, fd=32
[FINER] [0.2 fd=32 cfd=0] protossl_enable_src: Enabling src
SSL session cache: MISS
Certificate cache: KEEP (SNI match or target mode)
[FINEST] [0.2 fd=32 cfd=0] prototcp_bev_eventcb_connected_src: ENTER
HTTPS connected to [54.192.231.126]:443 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
CLIENT_RANDOM 62B9C2AAA48E96B5184436CF037A36B925137F8254EA463BCF3BEA78F869BCF7 241DCE93CE4B3744398B36F68C58FA8C1A2E5D58163D9BB1AE8F8CBE8E7CDC3786DECDB27A64FC30BEE49B003CEEDE66
[FINEST] [0.2 fd=32 cfd=0] protohttp_bev_readcb_src: ENTER, size=369
[FINEST] [0.2 fd=32 cfd=0] protohttp_bev_readcb_src: HTTP Request Header, size=369
[FINEST] [0.2 fd=32 cfd=0] protohttp_filter_request_header: GET / HTTP/1.1
[FINEST] [0.2 fd=32 cfd=0] protohttp_filter_request_header: Accept: text/html, application/xhtml+xml, image/jxr, */*
[FINEST] [0.2 fd=32 cfd=0] protohttp_filter_request_header: Accept-Language: pl-PL
[FINEST] [0.2 fd=32 cfd=0] protohttp_filter_request_header: User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
[FINEST] [0.2 fd=32 cfd=0] protohttp_filter_request_header: Accept-Encoding: gzip, deflate
[FINEST] [0.2 fd=32 cfd=0] protohttp_filter_request_header: Host: www.onet.pl
[FINEST] [0.2 fd=32 cfd=0] protohttp_filter_request_header: Connection: Keep-Alive
[FINER] [0.2 fd=32 cfd=0] protohttp_filter_request_header: REPLACE= Connection: close
[FINEST] [0.2 fd=32 cfd=0] protohttp_filter_request_header: Cookie: __gfp_64b=_9AQBMiJRfzARdJ_dz4SzAS7FPVeQpr1V364hKPt4uj.j7|1652459941; ea_uuid=202205131839065852208359
[FINEST] [0.2 fd=32 cfd=0] protohttp_filter_request_header:
[FINEST] [0.2 fd=32 cfd=0] pxy_conn_filter: Searching ip exact: 10.1.40.3
[FINEST] [0.2 fd=32 cfd=0] pxy_conn_filter: Searching ip substring: 10.1.40.3
[FINEST] [0.2 fd=32 cfd=0] pxy_conn_filter: Searching all
[FINEST] [0.2 fd=32 cfd=0] protohttp_filter: No filter match with host: 10.1.40.3:50232, 54.192.231.126:443, www.onet.pl, /
[FINEST] [0.2 fd=32 cfd=0] protohttp_filter: No filter match with uri: 10.1.40.3:50232, 54.192.231.126:443, www.onet.pl, /
[FINE] [0.2 fd=32 cfd=0] pxy_conn_apply_deferred_block_action: Applying deferred block action
[FINEST] [0.2 fd=32 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.2 fd=32 cfd=0] pxy_conn_free: ENTER
[FINER] [0.2 fd=32 cfd=0] protossl_bufferevent_free_and_close_fd: in=0, out=0, fd=32
SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [accept socket]
[FINER] [0.2 fd=32 cfd=0] protossl_bufferevent_free_and_close_fd: fd=32, SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [accept socket]
[FINER] [0.2 fd=32 cfd=0] protossl_bufferevent_free_and_close_fd: in=0, out=364, fd=33
SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [connect socket]
[FINER] [0.2 fd=32 cfd=0] protossl_bufferevent_free_and_close_fd: fd=33, SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [connect socket]
[FINEST] [0.2 fd=32 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.2 fd=32 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.2 fd=32 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.2 fd=32 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=32
[FINEST] proxy_conn_ctx_new: ENTER, fd=32
[FINEST] [0.3 fd=32 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.3 fd=32 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.3 fd=32 cfd=0] protossl_init_conn: ENTER
[FINEST] [0.3 fd=32 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.3 fd=32 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.3 fd=32 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=34, reserve=10
[FINEST] [0.3 fd=32 cfd=0] pxy_conn_init: srcaddr= [10.1.40.3]:50233
[FINEST] [0.3 fd=32 cfd=0] protossl_fd_readcb: ENTER
SNI peek: [www.onet.pl] [complete], fd=32
[FINEST] [0.3 fd=32 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.3 fd=32 cfd=0] pxy_conn_filter: Searching ip exact: 10.1.40.3
[FINEST] [0.3 fd=32 cfd=0] pxy_conn_filter: Searching ip substring: 10.1.40.3
[FINEST] [0.3 fd=32 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.3 fd=32 cfd=0] pxy_conn_filter_match_ip: Found site (line=323):  for 10.1.40.3:50233, 54.192.231.126:443
[FINEST] [0.3 fd=32 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=323): , 54.192.231.126
[FINEST] [0.3 fd=32 cfd=0] pxy_conn_filter_port: No filter match with port: 10.1.40.3:50233, 54.192.231.126:443
[FINE] [0.3 fd=32 cfd=0] pxy_conn_set_filter_action: Filter block action for 54.192.231.126, precedence 2 (line=323)
[FINE] [0.3 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable connect log for 54.192.231.126, precedence 2 (line=323)
[FINE] [0.3 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable master log for 54.192.231.126, precedence 2 (line=323)
[FINE] [0.3 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable cert log for 54.192.231.126, precedence 2 (line=323)
[FINE] [0.3 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable content log for 54.192.231.126, precedence 2 (line=323)
[FINE] [0.3 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 54.192.231.126, precedence 2 (line=323)
[FINE] [0.3 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable mirror log for 54.192.231.126, precedence 2 (line=323)
[FINE] [0.3 fd=32 cfd=0] pxy_conn_apply_filter: Deferring block action
Connecting to [54.192.231.126]:443
[FINEST] [0.3 fd=32 cfd=0] protossl_conn_connect: ENTER
Attempt reuse dst SSL session
[FINEST] [0.3 fd=32 cfd=0] protossl_bufferevent_setup: ENTER, fd=-1
[FINEST] [0.3 fd=32 cfd=0] protossl_bufferevent_setup: bufferevent_openssl_set_allow_dirty_shutdown, fd=-1
[FINEST] [0.3 fd=32 cfd=0] protossl_bev_eventcb_connected_srvdst: ENTER
[FINEST] [0.3 fd=32 cfd=0] pxy_conn_filter: Searching ip exact: 10.1.40.3
[FINEST] [0.3 fd=32 cfd=0] pxy_conn_filter: Searching ip substring: 10.1.40.3
[FINEST] [0.3 fd=32 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.3 fd=32 cfd=0] pxy_conn_filter_match_ip: Found site (line=323):  for 10.1.40.3:50233, 54.192.231.126:443
[FINEST] [0.3 fd=32 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=323): , 54.192.231.126
[FINEST] [0.3 fd=32 cfd=0] pxy_conn_filter_port: No filter match with port: 10.1.40.3:50233, 54.192.231.126:443
[FINE] [0.3 fd=32 cfd=0] pxy_conn_set_filter_action: Filter block action for 54.192.231.126, precedence 2 (line=323)
[FINE] [0.3 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable connect log for 54.192.231.126, precedence 2 (line=323)
[FINE] [0.3 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable master log for 54.192.231.126, precedence 2 (line=323)
[FINE] [0.3 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable cert log for 54.192.231.126, precedence 2 (line=323)
[FINE] [0.3 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable content log for 54.192.231.126, precedence 2 (line=323)
[FINE] [0.3 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 54.192.231.126, precedence 2 (line=323)
[FINE] [0.3 fd=32 cfd=0] pxy_conn_set_filter_action: Filter enable mirror log for 54.192.231.126, precedence 2 (line=323)
[FINE] [0.3 fd=32 cfd=0] pxy_conn_apply_filter: Deferring block action
===> Original server certificate:
Subject DN: /C=PL/ST=Mazowieckie/L=Warszawa/O=Ringier Axel Springer Polska Sp z o.o./CN=*.onet.pl
Common Names: *.onet.pl/*.onet.pl/onet.pl
Fingerprint: 8D:2E:C2:32:79:53:3C:AB:D6:7856:75:7A:6C:D5:B4:1A:94:F4:B1
Certificate cache: HIT
===> Forged server certificate:
Subject DN: /C=PL/ST=Mazowieckie/L=Warszawa/O=Ringier Axel Springer Polska Sp z o.o./CN=*.onet.pl
Common Names: *.onet.pl/*.onet.pl/onet.pl
Fingerprint: D1:DD:A5:45:EA:8A:FB:F0:62:610E:26:3C:4D:1C:7B:2F:9C:61:56
[FINEST] [0.3 fd=32 cfd=0] pxy_conn_filter: Searching ip exact: 10.1.40.3
[FINEST] [0.3 fd=32 cfd=0] pxy_conn_filter: Searching ip substring: 10.1.40.3
[FINEST] [0.3 fd=32 cfd=0] pxy_conn_filter: Searching all
[FINEST] [0.3 fd=32 cfd=0] protossl_filter: No filter match with sni: 10.1.40.3:50233, 54.192.231.126:443, www.onet.pl, *.onet.pl/*.onet.pl/onet.pl
[FINEST] [0.3 fd=32 cfd=0] protossl_filter: No filter match with common names: 10.1.40.3:50233, 54.192.231.126:443, www.onet.pl, *.onet.pl/*.onet.pl/onet.pl
[FINEST] [0.3 fd=32 cfd=0] prototcp_disable_srvdst: ENTER
[FINEST] [0.3 fd=32 cfd=0] protossl_bev_eventcb_connected_dst: ENTER
[FINEST] [0.3 fd=32 cfd=0] protossl_bufferevent_setup: ENTER, fd=32
[FINEST] [0.3 fd=32 cfd=0] protossl_bufferevent_setup: bufferevent_openssl_set_allow_dirty_shutdown, fd=32
[FINER] [0.3 fd=32 cfd=0] protossl_enable_src: Enabling src
SSL session cache: HIT
Certificate cache: KEEP (SNI match or target mode)
[FINEST] [0.3 fd=32 cfd=0] prototcp_bev_eventcb_connected_src: ENTER
HTTPS connected to [54.192.231.126]:443 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
CLIENT_RANDOM 62B9C2AAB3D9BF842602D42986BB5DE99CC5839FD17778ACD4E1BECFD9329326 241DCE93CE4B3744398B36F68C58FA8C1A2E5D58163D9BB1AE8F8CBE8E7CDC3786DECDB27A64FC30BEE49B003CEEDE66
[FINEST] [0.3 fd=32 cfd=0] protohttp_bev_readcb_src: ENTER, size=369
[FINEST] [0.3 fd=32 cfd=0] protohttp_bev_readcb_src: HTTP Request Header, size=369
[FINEST] [0.3 fd=32 cfd=0] protohttp_filter_request_header: GET / HTTP/1.1
[FINEST] [0.3 fd=32 cfd=0] protohttp_filter_request_header: Accept: text/html, application/xhtml+xml, image/jxr, */*
[FINEST] [0.3 fd=32 cfd=0] protohttp_filter_request_header: Accept-Language: pl-PL
[FINEST] [0.3 fd=32 cfd=0] protohttp_filter_request_header: User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
[FINEST] [0.3 fd=32 cfd=0] protohttp_filter_request_header: Accept-Encoding: gzip, deflate
[FINEST] [0.3 fd=32 cfd=0] protohttp_filter_request_header: Host: www.onet.pl
[FINEST] [0.3 fd=32 cfd=0] protohttp_filter_request_header: Connection: Keep-Alive
[FINER] [0.3 fd=32 cfd=0] protohttp_filter_request_header: REPLACE= Connection: close
[FINEST] [0.3 fd=32 cfd=0] protohttp_filter_request_header: Cookie: __gfp_64b=_9AQBMiJRfzARdJ_dz4SzAS7FPVeQpr1V364hKPt4uj.j7|1652459941; ea_uuid=202205131839065852208359
[FINEST] [0.3 fd=32 cfd=0] protohttp_filter_request_header:
[FINEST] [0.3 fd=32 cfd=0] pxy_conn_filter: Searching ip exact: 10.1.40.3
[FINEST] [0.3 fd=32 cfd=0] pxy_conn_filter: Searching ip substring: 10.1.40.3
[FINEST] [0.3 fd=32 cfd=0] pxy_conn_filter: Searching all
[FINEST] [0.3 fd=32 cfd=0] protohttp_filter: No filter match with host: 10.1.40.3:50233, 54.192.231.126:443, www.onet.pl, /
[FINEST] [0.3 fd=32 cfd=0] protohttp_filter: No filter match with uri: 10.1.40.3:50233, 54.192.231.126:443, www.onet.pl, /
[FINE] [0.3 fd=32 cfd=0] pxy_conn_apply_deferred_block_action: Applying deferred block action
[FINEST] [0.3 fd=32 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.3 fd=32 cfd=0] pxy_conn_free: ENTER
[FINER] [0.3 fd=32 cfd=0] protossl_bufferevent_free_and_close_fd: in=0, out=0, fd=32
SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [accept socket]
[FINER] [0.3 fd=32 cfd=0] protossl_bufferevent_free_and_close_fd: fd=32, SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [accept socket]
[FINER] [0.3 fd=32 cfd=0] protossl_bufferevent_free_and_close_fd: in=0, out=364, fd=33
SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [connect socket]
[FINER] [0.3 fd=32 cfd=0] protossl_bufferevent_free_and_close_fd: fd=33, SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [connect socket]
[FINEST] [0.3 fd=32 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.3 fd=32 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.3 fd=32 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.3 fd=32 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
Received signal 2
Main event loop stopped (reason=2).
[FINEST] main: EXIT closing privsep clisock=13
Received privsep req type 00 sz 1 on srvsock 18
Received privsep req type 00 sz 1 on srvsock 20
Received privsep req type 00 sz 1 on srvsock 16
Child pid 74551 exited with status 0

@sonertari
Owner

They are in the logs you have posted, search for "Applying deferred block action".

@piolug93
Contributor Author

Is it only written to the debug log?

@sonertari
Owner

Yes

@piolug93
Contributor Author

Do you have a plan for a separate log for blocked sites and passthrough when run with -P?

@sonertari
Owner

I guess it's not difficult, but I should think about it in detail.

@piolug93
Contributor Author

That would be very useful for debugging and traffic monitoring.
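
Because block actions are written only to the debug log, a blocked-connection view can be derived by filtering that log. The following is an added example, not part of SSLproxy or of this thread; it assumes the debug line layout shown in the posted log and that the first bracketed token (for example `0.3`) identifies one connection. `blocked_connections` is a hypothetical helper name and the sample lines are constructed from that layout.

```python
import re

# Constructed sample, trimmed to the debug log layout shown in this issue.
SAMPLE_LOG = """\
[FINEST] [0.3 fd=32 cfd=0] pxy_conn_init: srcaddr= [10.1.40.3]:50233
[FINE] [0.3 fd=32 cfd=0] pxy_conn_filter_match_ip: Found site (line=323):  for 10.1.40.3:50233, 54.192.231.126:443
[FINEST] [0.3 fd=32 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=323): , 54.192.231.126
[FINE] [0.3 fd=32 cfd=0] pxy_conn_set_filter_action: Filter block action for 54.192.231.126, precedence 2 (line=323)
[FINE] [0.3 fd=32 cfd=0] pxy_conn_apply_filter: Deferring block action
HTTPS connected to [54.192.231.126]:443 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
[FINEST] [0.3 fd=32 cfd=0] protohttp_filter_request_header: Host: www.onet.pl
[FINE] [0.3 fd=32 cfd=0] pxy_conn_apply_deferred_block_action: Applying deferred block action
[FINEST] [0.4 fd=32 cfd=0] protohttp_filter_request_header: Host: example.test
"""

# "[LEVEL] [<conn id> fd=N cfd=N] function: message"
LINE = re.compile(r"^\[(\w+)\] \[(\S+) fd=-?\d+ cfd=-?\d+\] (\w+): (.*)$")
# "Found site (line=323):  for <src>, <dst>"
SITE = re.compile(r"\(line=(\d+)\):\s+for (\S+), (\S+)$")


def blocked_connections(log_text):
    """Return one dict per connection on which a deferred block was applied."""
    conns, blocked = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # lines without a connection prefix cannot be correlated
        _level, conn_id, func, msg = m.groups()
        info = conns.setdefault(conn_id, {"conn": conn_id})
        if func == "pxy_conn_filter_match_ip" and (s := SITE.search(msg)):
            # Matching rule's line number in the config, plus both endpoints.
            info.update(rule_line=int(s.group(1)), src=s.group(2), dst=s.group(3))
        elif func == "protohttp_filter_request_header" and msg.startswith("Host: "):
            info["host"] = msg[len("Host: "):]
        elif func == "pxy_conn_apply_deferred_block_action":
            # The block is enforced here; emit what was collected so far.
            blocked.append(conns.pop(conn_id))
    return blocked


if __name__ == "__main__":
    for record in blocked_connections(SAMPLE_LOG):
        print(record)
```

Connections that were only inspected (such as `0.4` in the sample) produce no record, so the output lists blocked traffic only.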
