Woooops... I thought I already replied, but instead my mail was in the drafts folder :-/ So here I go: Hello Amos and thanks for your reply. [cut] > > 3) would I completely miss the traffic done in HTTPS in my > webalizer > > stats, if there'd be no way to have transparently proxied HTTPS > > requests? > > This is only a problems due to the "transparent". > > If you can discard the "transparent" part of the setup the > client browsers will send their HTTPS requests to Squid using > CONNECT method, which gives webalizer all the client IP and > destination domain details along with traffic sent/received > there. All thats missing is the particular files being fetched. OK, I've played around with this: I configured my own browser to use the proxy and watched the access.log file. I saw those CONNECT connections, and the fact that I'd miss the files being fetched, would be 100% ok for me. > Alternatives are to use firewall traffic accounting which can > just as easily be gathered. Such as which client IP is using > port 443 (HTTPS) to contact which external IPs and how much > traffic they sent/received. Of course, but then I would have the problem to "add" that info to my webalizer logs. Would there be any way to "sum it up" to all the proxied traffic? > > Ah, BTW: as I *do not* intend to cache HTTPS > traffic/requests, would it > > be easier to set up this sort of "logging/filtering"? > > What is easier depends on your network setup. I manage many different customer networks and there my primary goal is to avoid users being able to bypass my proxy (which I use to filter sites based on URLs). By using transparent mode, I have full control over network traffic: I can configure iptables and squid to do what I want them to. Actually, my users have discovered how to change proxy settings (even if configured by Windows Group Policies, because many are using alternative browsers like Firefox, Opera, and so on). So my countermeasure would be to use the transparent mode. My second goal (less important, but I want complete and precise data) is to have *all* the internet traffic showing up in webalizer reports: how to achieve both things? Kind regards and thanks for helping me out (and making me brainstorm a bit) ;-) Flavio Boniforti PIRAMIDE INFORMATICA SAGL Via Ballerini 21 6600 Locarno Switzerland Phone: +41 91 751 68 81 Fax: +41 91 751 69 14 URL: http://www.piramide.ch E-mail: flavio@xxxxxxxxxxx
