On 6/02/2017 6:10 p.m., Varun Singh wrote:
> Hi,
> I have a Squid 3 installed on Ubuntu 16.04. It works perfectly as an
> HTTP proxy server in transparent mode.
> I wanted to know whether it can be configured to run as HTTPS proxy
> server without ssl-bump i.e. without 'man in the middle attack'
> technique.

The Ubuntu package of squid/squid3 can tunnel CONNECT requests. That is
all. It has no support for anything more complicated.

>
> I read the documentation page of HTTPS support. It says that when a
> browser comes across an HTTPS website, it opens a TCP tunnel through
> Squid to the origin server using CONNECT request method.
> With this setting the server can filter URLs based on URL scheme, URL
> path and query string. The payload is still encrypted.

What documentation? It is wrong, or you are misunderstanding it.

The URL path?query is definitely *not* available without decrypting.

FWIW the squid wiki page on HTTPS documents all three of the
installation types that are all called "HTTPS".

> After that the documentation goes on to explain how can we use
> SSL-bump to decrypt the payload.
>
> Now, I only want setup basic HTTPS proxy via CONNECT tunnel in which
> you can only filter URL path and string. I am not looking to setup
> SSL-bump but still want to setup Squid for HTTPS filtering. I'm not
> able to find a good tutorial for that.
> Every tutorial I have found points to setting up SSL-bump.

Because the only way to access more than hostname/IP and port is to decrypt.

Amos
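
The point made in the reply above, as an added example that is not part of the original message and is not Squid code: it builds the plaintext CONNECT request a browser sends for an https URL and shows that a proxy can filter on host and port only. The sample URL, the function names and the allow/deny policy are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: the URL the user asks the browser to load.
SAMPLE_URL = "https://www.example.com/private/report?id=42"

def connect_request_for(url):
    """Build the plaintext CONNECT request a browser sends for an https URL."""
    parts = urlsplit(url)
    host = parts.hostname
    if ":" in host:                      # IPv6 literals are bracketed
        host = f"[{host}]"
    authority = f"{host}:{parts.port or 443}"
    # Path and query are not part of the request: they travel inside TLS.
    return f"CONNECT {authority} HTTP/1.1\r\nHost: {authority}\r\n\r\n"

def parse_connect(raw):
    """Return (host, port), the only destination data a CONNECT request carries."""
    method, target, version = raw.split("\r\n", 1)[0].split(" ")
    if method != "CONNECT" or not version.startswith("HTTP/"):
        raise ValueError("not a CONNECT request")
    host, sep, port = target.rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError("CONNECT target must be host:port")
    return host.strip("[]").lower(), int(port)

def decide(raw, denied_domains, allowed_ports=(443,)):
    """Hypothetical policy: port allowlist plus domain denylist (subdomains included)."""
    host, port = parse_connect(raw)
    if port not in allowed_ports:
        return "deny"
    for domain in denied_domains:
        if host == domain or host.endswith("." + domain):
            return "deny"
    return "allow"

if __name__ == "__main__":
    req = connect_request_for(SAMPLE_URL)
    print(req.splitlines()[0])           # request line as seen by the proxy
    print(parse_connect(req), decide(req, {"example.com"}))
```
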