Re: squid module to "simulate" CONNECT setup to facilitate intercepted https

On 11/08/2015 11:33 PM, Mark Carey wrote:

> What I am interested in is whether there is or ever was a squid module that;
> 
> 1. is suitable for running in intercept mode
> 
> 2. maintains a list of active https connections
> 
> 3. checks the acls to see if access is permitted, to the extent
> permitted by https, so some checks would need to pass through lack of
> sufficient information
> 
> 4. when a new https connection is intercepted (internally fakes the
> setup of a CONNECT tunnel)
> 
> 5. if permitted and a suitable CONNECT tunnel exists shovels bits back
> and forward like a traditional non intercepted proxy
> 
> 6. if not returns icmp host unreachable
> 
> 7. accounts for traffic in the same way as squid would in a configured
> proxy setup
> 
> Has anyone tried this?  Or is the answer download the source and
> patches welcome?


AFAICT, SslBump with "peek at and then splice everything" rules will
give you most if not all of the above:

  http://wiki.squid-cache.org/Features/SslPeekAndSplice
  http://bugs.squid-cache.org/show_bug.cgi?id=4340

Alex.

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
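
A minimal squid.conf sketch of the "peek at and then splice everything" setup mentioned in the reply above. This is an added example, not configuration from the thread or from the Squid project; the port number, certificate path, and the denied_sni ACL with its domain are assumptions made for illustration.

```conf
# Added example: peek at the TLS client hello, then splice (tunnel) without decrypting.
# Assumption: the firewall redirects intercepted port-443 traffic to port 3129.
# Assumption: placeholder certificate path. The ssl-bump port needs a certificate
# configured even when every connection is spliced.
# Squid 3.5 syntax; Squid 4 and later spell the option tls-cert= instead of cert=.
https_port 3129 intercept ssl-bump cert=/etc/squid/placeholder-ca.pem

# Step 1 is the point where only TCP-level information is known.
acl step1 at_step SslBump1

# Hypothetical deny list matched against the SNI learned by peeking.
# An SNI-based check is as far as an ACL can see without decrypting.
acl denied_sni ssl::server_name .blocked.example

# Peek first so the client hello (and its SNI) is available to later rules.
ssl_bump peek step1

# Close connections whose SNI is on the deny list.
# This closes the TCP connection; it does not send ICMP host unreachable.
ssl_bump terminate denied_sni

# Everything else is spliced: bytes are relayed unmodified in both directions.
ssl_bump splice all
```

Rule order matters: ssl_bump rules are evaluated top to bottom at each step and the first match wins, so the peek rule has to come before the SNI-based rules that depend on it.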