Hi,
If you go here:
http://www.eicar.org/85-0-Download.html
And try one of the https links, and c-icap gives you a virus warning,
then the content is being passed to c-icap.
Cheers
Alex
On 21/06/13 02:49, sjaipuri wrote:
Now it make more sense to me.
Yes, right now I am only seeing plain text ICAP headers for all https
traffic. But I see whole payload for http traffic on ICAP port. Which you
already mentioned that squid sends http message if it is able to parse it.
As you say that ssl-bump will convert CONNECT to series of http request. I
tried tcpdump on port 3128 (squid)/80/443/1344(ICAP) . But in all this case
I only see unencrypted HTTP request for https traffic. However not able to
see payload.
Does ssl-bump decrypt the payload as well and make it available as plain
text. ???
--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/https-traffic-using-squid-and-icap-tp4660720p4660733.html
Sent from the Squid - Users mailing list archive at Nabble.com.