Re: Logging of https

On 2016-03-24 13:41, Markey, Bruce wrote:
I'm hoping this is a simple question, I've gotten/seen differing
answers and I'd just like a final answer.

With squid setup as a transparent proxy via wccp will there be any log
entries for https sites, even just the ip?  Just the initial get
request is what I'd expect.

( I have no interest in breaking https, I'd simply like to get any
data I can without having to go down that road)

If yes then what needs to be done to make that happen. Currently
everything is working on the http side perfectly.  On the https side
as soon as I enable wccp redirection of 443 to squid it breaks https.
 ( I'll add here that I've read all the peek and splice info and I
don't really understand it.)

Thanks

BRUCE MARKEY | Network Security Analyst

STEINMAN COMMUNICATIONS

717.291.8758 (o) | bmarkey@xxxxxxxxxxxxxxxxxxxxxxxxxx

8 West King St | PO Box 1328, Lancaster, PA 17608-1328


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users


Read this:

http://thread.gmane.org/gmane.comp.web.squid.general/114384/focus=114389

Sample messages:

allowed https:
Mar 24 14:02:11 gateway (squid-1): 192.168.1.101 - - [24/Mar/2016:14:02:11 -0600] "CONNECT 209.59.180.48:443 HTTP/1.1" - - 200 5511 TCP_TUNNEL:ORIGINAL_DST

note the size, 5511, and the TCP_TUNNEL, this has no SNI

denied https:
Mar 24 13:36:01 gateway (squid-1): 192.168.1.101 - - [24/Mar/2016:13:36:01 -0600] "CONNECT 54.171.35.38:443 HTTP/1.1" - - 200 0 TAG_NONE:ORIGINAL_DST

note the size, 0, and the TAG_NONE, and this also has no SNI

Mar 24 13:36:01 gateway (squid-1): 192.168.1.101 - - [24/Mar/2016:13:36:01 -0600] "CONNECT 54.171.177.121:443 HTTP/1.1" track.appsflyer.com - 200 0 TAG_NONE:ORIGINAL_DST

again, size, and TAG_NONE, but we saw SNI for this one.

the above are the output when using the config info in the link. Hope that helps.

James
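
The distinctions pointed out in the sample messages above (byte count, result tag, SNI column), as an added example that is not part of the original post. The field layout is inferred from the three sample lines only, since the actual logformat is in the linked config; the function names are hypothetical.

```python
import re

# Assumed layout, inferred from the thread's sample lines:
# client - - [time] "CONNECT ip:port HTTP/x" sni - status bytes RESULT:HIERARCHY
LINE_RE = re.compile(
    r'(?P<client>\d+\.\d+\.\d+\.\d+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"CONNECT (?P<dst>[\d.]+):(?P<port>\d+) HTTP/[\d.]+" '
    r'(?P<sni>\S+) \S+ (?P<status>\d{3}) (?P<size>\d+) '
    r'(?P<result>[A-Z_]+):(?P<hier>[A-Z_]+)\s*$'
)

def parse_connect(line):
    """Parse one intercepted-CONNECT log line; return None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"])
    rec["sni"] = None if rec["sni"] == "-" else rec["sni"]  # "-" means no SNI seen
    # The status column is 200 in both the allowed and denied samples, so the
    # verdict has to come from the result tag and byte count, as the reply notes.
    if rec["result"] == "TCP_TUNNEL" and rec["size"] > 0:
        rec["verdict"] = "allowed"
    elif rec["result"] == "TAG_NONE" and rec["size"] == 0:
        rec["verdict"] = "denied"
    else:
        rec["verdict"] = "unknown"
    return rec

def summarize(lines):
    """Return (destination, sni-or-placeholder, verdict) for each parsable line."""
    recs = (parse_connect(l) for l in lines)
    return [(r["dst"], r["sni"] or "(no SNI)", r["verdict"]) for r in recs if r]

# The three sample lines from this thread, copied unchanged.
SAMPLE = [
    'Mar 24 14:02:11 gateway (squid-1): 192.168.1.101 - - [24/Mar/2016:14:02:11 -0600] '
    '"CONNECT 209.59.180.48:443 HTTP/1.1" - - 200 5511 TCP_TUNNEL:ORIGINAL_DST',
    'Mar 24 13:36:01 gateway (squid-1): 192.168.1.101 - - [24/Mar/2016:13:36:01 -0600] '
    '"CONNECT 54.171.35.38:443 HTTP/1.1" - - 200 0 TAG_NONE:ORIGINAL_DST',
    'Mar 24 13:36:01 gateway (squid-1): 192.168.1.101 - - [24/Mar/2016:13:36:01 -0600] '
    '"CONNECT 54.171.177.121:443 HTTP/1.1" track.appsflyer.com - 200 0 TAG_NONE:ORIGINAL_DST',
]

if __name__ == "__main__":
    for dst, sni, verdict in summarize(SAMPLE):
        print(f"{verdict:8} {dst:16} {sni}")
```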