Hi, Squid has some great features for traffic managament policy and accounting. The web is moving more and more to https which negates squids advantages in caching. I know that squid can not transparently proxy https - i've run squid in intercept mode and pointed https traffic at it and watched the rubbish that fills the logs. Squid remains a great platform for centralising site policy in regards to access and accounting for web traffic (even if it is only total bytes to/from a host). Replicating such policy is a pain in the backside (try using iptables for domain wide rules, or reliable user agent matching). What I am interested in is whether there is or ever was a squid module that; 1. is suitable for running in intercept mode 2. maintains a list of active https connections 3. checks the acls to see if access is permitted, to the extent permitted by https, so some checks would need to pass through lack of sufficient information 4. when a new https connection is intercepted (internally fakes the setup of a CONNECT tunnel) 5. if permitted and a suitable CONNECT tunnel exists shovels bits back and forward like a traditional non intercepted proxy 6. if not returns icmp host unreachable 7. accounts for traffic in the same way as squid would in a configured proxy setup Has anyone tried this? Or is the answer download the source and patches welcome? Thank you. Mark Carey _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
