Amos Jeffries wrote on 06/09/2015 03:06 PM:
The HTTP message log (access.log) is only logging the HTTP(S) messages.
The non-HTTP protools are not logged.
10.xx.131.244 - - [09/Jun/2015:08:40:15 +0200] "CONNECT
64.233.184.94:443 HTTP/1.1" www.google.dk - 200 20042
TCP_TUNNEL:ORIGINAL_DST peek
This got peeked then spliced (not decrypted). There is no decrypted
message(s) to be logged or even to pass through http_access.
I'm obviously not understanding something.. I would like squid to "fake
the certificate" - and then when the clients sends an actual request -
run that through http_access.. so I can match on urls..
I'd rather not filter on only domain if possible..
Is that not possible currently with squid?
--
Regards,
Klavs Klavsen, GSEC - kl@xxxxxxx - http://www.vsen.dk - Tlf. 61281200
"Those who do not understand Unix are condemned to reinvent it, poorly."
--Henry Spencer
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
