On 08/09/15 20:32, Amos Jeffries wrote: > The second one is a fake CONNECT generated internally by Squid using Is it too late to propose that intercepted SSL transactions be logged as something besides "CONNECT"? I know I find it confusing - and so do others. I appreciate the logic behind it - but people are people :-) How about (for intercepted SSL) PEEKED 1.2.3.4:443 GET https://github.com/image.txt vs PEEKED 5.6.7.8:443 SPLICED google.com:443 This way we could have a squid server that does transparent SSL plus formal proxy (on different ports of course) and CONNECT/PEEKED/SPLICED would enable the admin to tell the difference between a formal proxy session and an intercepted one. ie the same transactions via formal proxy would be CONNECT github.com:443 GET https://github.com/image.txt vs CONNECT google.com:443 SPLICED google.com:443 I guess with my logging format, log parsers would skip all PEEKED/CONNECT lines as redundant (although they're useful for us humans) Yeah, it would break existing logging tools - but so does the "GET https://..."; stuff anyway - so they need updating too ;-) -- Cheers Jason Haar Corporate Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
