On 17/01/16 06:16, xxiao8 wrote:
> Basically I'm trying to see how to get the http-header info from a
> bumped ssl connection and use them directly inside
> squid.conf(including external acl), otherwise icap/ecap is unavoidable
> for bumped ssl http header analysis.

You must have done it wrong. First check: the squid access.log should show the entire https url (e.g. "(GET|CONNECT) https://google.com/search?q=squid+is+great" - not "CONNECT google.com:443") - if it doesn't - then ICAP can't "see" the url either.

I've done it in the past and it definitely works within ICAP: e.g. you can block https urls (instead of just domains) and can use ICAP to pass https urls through AV/etc.

However, cert pinning is a real problem - especially in transparent/intercept mode. Very frustrating: the Internet is rapidly moving to HTTPS and yet network-based security like content filtering proxies find it hard to keep up as they have become the enemy (because they can be used for evil as well as good).

--
Cheers

Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
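The access.log check described in the reply above, as an added example that is not part of the original message: it lists HTTPS hosts that only ever appear as "CONNECT host:port", meaning no decrypted URL reaches squid.conf ACLs or ICAP. It assumes Squid's default native access.log format; the sample lines, host names and function names are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's default native access.log layout:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1452964560.101    212 10.0.0.5 TCP_TUNNEL/200 4512 CONNECT pinned.example.net:443 - HIER_DIRECT/203.0.113.10 -
1452964561.330     95 10.0.0.5 TAG_NONE/200 0 CONNECT www.example.com:443 - HIER_DIRECT/203.0.113.20 -
1452964561.512    140 10.0.0.5 TCP_MISS/200 18321 GET https://www.example.com/search?q=squid - HIER_DIRECT/203.0.113.20 text/html
1452964562.004     60 10.0.0.7 TCP_MISS/200 912 GET http://plain.example.org/ - HIER_DIRECT/203.0.113.30 text/html
garbage line
"""

def parse_line(line):
    """Return (method, url) from a native-format line, or None if malformed."""
    fields = line.split()
    if len(fields) < 10:
        return None
    return fields[5], fields[6]

def bump_visibility(log_text):
    """Per HTTPS host: count opaque CONNECT entries and decrypted https:// requests."""
    hosts = defaultdict(lambda: {"connect": 0, "decrypted": 0})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip truncated or foreign-format lines
        method, url = parsed
        if url.lower().startswith("https://"):
            host = urlsplit(url).hostname
            if host:
                hosts[host]["decrypted"] += 1
        elif method == "CONNECT":
            # "host:port" form: only the tunnel endpoint is visible
            hosts[url.rsplit(":", 1)[0].lower()]["connect"] += 1
    return dict(hosts)

def tunnel_only_hosts(log_text):
    """Hosts with no decrypted request logged (not bumped, spliced, or failing)."""
    return sorted(h for h, c in bump_visibility(log_text).items()
                  if c["decrypted"] == 0)

if __name__ == "__main__":
    for host in tunnel_only_hosts(SAMPLE_LOG):
        print("no decrypted URLs logged for", host)
```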