On 21/06/2013 1:07 p.m., sjaipuri wrote:
> Thanks Amos for your response. Just like to clarify, do you mean squid only sends request/response header to ICAP? (If I understood right then) some of the services on ICAP are used for virus detection in which they access the content of all packets. I might need to read more on this.
No. Squid sends the whole messages. But only for messages which are parseable by Squid using the plain-text HTTP parser. The SSL-bumping converts HTTPS CONNECT tunnels into a series of plain HTTP requests for https:// URLs before that parsing process so ICAP can be sent them.
Are you perhaps confusing binary payload objects for encrypted HTTPS traffic?
At the *very* least you will be seeing the plain-text ICAP protocol headers in your tcpdump if you are grabbing the ICAP traffic like you say you are.
> Do you know anyone using which I can have access of https traffic in plain text format on squid or ICAP?
Everyone using SSL-bump feature successfully, and there are quite a few now.

Amos
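An added example, not part of the original email or of Squid: a small Python parser for an ICAP REQMOD message (RFC 3507) of the kind the reply says should be visible in a capture of the Squid-to-ICAP link. The sample message, host names and URL are constructed for illustration; a real capture is assumed to carry the same plain-text layout.

```python
"""Parse one ICAP REQMOD message (RFC 3507) taken from a capture of the ICAP link."""

def parse_icap(raw: bytes) -> dict:
    # ICAP headers are plain text and end at the first blank line.
    head, sep, encapsulated = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no ICAP header block found: not plain-text ICAP")
    lines = head.decode("ascii").split("\r\n")
    method, uri, version = lines[0].split(" ", 2)
    if not version.startswith("ICAP/"):
        raise ValueError("start line is not ICAP")
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    # "Encapsulated: req-hdr=0, req-body=N" gives byte offsets into the payload.
    parts = []
    for item in headers["encapsulated"].split(","):
        name, _, offset = item.strip().partition("=")
        parts.append((name, int(offset)))
    sections = {}
    for i, (name, start) in enumerate(parts):
        end = parts[i + 1][1] if i + 1 < len(parts) else len(encapsulated)
        sections[name] = encapsulated[start:end]
    return {"method": method, "uri": uri, "headers": headers, "sections": sections}

def request_url(msg: dict) -> str:
    # Second token of the encapsulated HTTP request line.
    return msg["sections"]["req-hdr"].split(b" ", 2)[1].decode("ascii")

def dechunk(data: bytes) -> bytes:
    # Encapsulated bodies are always sent with chunked encoding.
    out = b""
    while data:
        size_line, _, data = data.partition(b"\r\n")
        size = int(size_line.split(b";")[0], 16)
        if size == 0:
            break
        out += data[:size]
        data = data[size + 2:]  # skip chunk data and its trailing CRLF
    return out

# Constructed sample: a bumped HTTPS request as it would appear on the ICAP link.
HTTP_HDR = (b"POST https://example.com/login HTTP/1.1\r\n"
            b"Host: example.com\r\nContent-Length: 9\r\n\r\n")
SAMPLE = (b"REQMOD icap://127.0.0.1:1344/reqmod ICAP/1.0\r\n"
          b"Host: 127.0.0.1:1344\r\n"
          b"Encapsulated: req-hdr=0, req-body=%d\r\n\r\n" % len(HTTP_HDR)
          + HTTP_HDR + b"9\r\nuser=demo\r\n0\r\n\r\n")

if __name__ == "__main__":
    msg = parse_icap(SAMPLE)
    print(msg["method"], request_url(msg), dechunk(msg["sections"]["req-body"]))
```

If `parse_icap` raises on captured bytes, the capture is not the ICAP link or the message was not one Squid could parse as HTTP.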