Hi list,

For many years I've used squid-2.7-STABLE7 for proxying,
content filtering and virus scanning, but it was not able to scan https
traffic for viruses. Now, compiling a package for my system, I've seen
that in the 3.1.x version there is the ssl-bump option to get https traffic
treated as http traffic.

In my squid.conf I have:
...
..
ssl_bump allow localnet
always_direct allow all
http_port 172.16.2.8:3128 ssl-bump cert:/etc/squid/cert/cert.crt key=/etc/squid/cert/key.key

My first question is: how can I see if ssl-bump works? In access.log I
always get CONNECT/DIRECT for HTTPS connections. Is this normal, or does my
ssl-bump config not work?

Then, my squidclamav version is 6.x and uses c-icap, and I've configured
squid for icap as:
icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_encode off
icap_client_username_header X-Authenticated-User
icap_preview_enable on
icap_preview_size 1024
icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_resp allow all

For http connections all works fine, and with https connections
there is always CONNECT/DIRECT.

On http://wiki.squid-cache.org/Features/SslBump I read:
Squid-in-the-middle decryption and encryption of straight *CONNECT* and
transparently redirected SSL traffic, using configurable client- and
server-side certificates. While decrypted, the traffic can be inspected
using ICAP.

Then at this point, should ssl-bump let squidclamav see the (decrypted)
file over https?
If yes, there is a misconfiguration on my side; can you point me in the right
direction? (If you need my squid.conf I can post it.)

Thanks in advance.
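
One way to check access.log for the question above, as an added example that is not part of the original post. It assumes Squid's native access.log format and that a bumped connection is logged as the CONNECT line plus separate entries for the decrypted requests with https:// URLs; the log lines, host names and the classify_https helper are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format (not from the post).
SAMPLE_LOG = """\
1300000000.101    812 172.16.2.50 TCP_MISS/200 3911 CONNECT tunneled.example:443 - DIRECT/192.0.2.10 -
1300000001.220    340 172.16.2.50 TCP_MISS/200 1502 CONNECT bumped.example:443 - DIRECT/192.0.2.20 -
1300000001.580    120 172.16.2.50 TCP_MISS/200 48211 GET https://bumped.example/files/setup.zip - DIRECT/192.0.2.20 application/zip
1300000002.004     95 172.16.2.51 TCP_MISS/200 7300 GET http://plain.example/index.html - DIRECT/192.0.2.30 text/html
"""


def classify_https(log_text):
    """Return {host: 'bumped' | 'tunnel-only'} for every HTTPS host in the log.

    A host seen only in CONNECT lines was tunneled without decryption, so an
    ICAP service such as squidclamav never saw the content. A host that also
    has non-CONNECT requests with https:// URLs was decrypted by ssl-bump.
    """
    result = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # skip truncated or non-native-format lines
        method, url = fields[5], fields[6]
        if method == "CONNECT":
            # CONNECT targets are host:port; drop the port and IPv6 brackets.
            host = url.rsplit(":", 1)[0].strip("[]").lower()
            result.setdefault(host, "tunnel-only")
        elif url.lower().startswith("https://"):
            host = urlsplit(url).hostname
            if host:
                result[host] = "bumped"
    return result


if __name__ == "__main__":
    for host, state in sorted(classify_https(SAMPLE_LOG).items()):
        print(f"{host:25} {state}")
```

If every HTTPS host comes back as tunnel-only, as with the CONNECT/DIRECT-only log described in the post, the traffic is not being decrypted and the ICAP service has nothing to scan.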