On 13.03.18 20:37, Al Grant wrote:
I have been told it would be good practice to respect users privacy when
it comes to banking and health websites.
I am not sure whether this means not logging those websites, not caching
them or something else?
On Tue, Mar 13, 2018 at 9:06 PM, Matus UHLAR - fantomas <uhlar@xxxxxxxxxxx>
wrote:
in fact, both. However it's not a problem unless you bump SSL connections.
without it, you just see CONNECT requests in proxy logs, which doesn't
violate privacy.
On 13.03.18 21:17, Al Grant wrote:
So would you see all the URLs for a given site in the logs?
No. CONNECT only provides host/IP and port, nothing more.
Bumping SSL connections means decrypting the traffic and removing privacy.
(SSL is designed for end-to-end encryption and valication).
Bumping decrypts the connection, provide own certificates, and make own SSL
connection to the web sites.
Users will not see the green bar commonly seen at banking sites, coming
from
extended validation certificate.
I don't see the need to go as far as filtering traffic based on content.
However I would like to be able to view the URLs visited.
viewing URLs in HTTPS connections requires decrypting SSL.
decrypting SSL removes privacy and brings problems.
don't decrypt unless you really have to.
--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"To Boot or not to Boot, that's the question." [WD1270 Caviar]
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
