Re: [squid-users] HTTPS sites

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 05 Oct 2001 23:15:02 +0200

Joe Cooper wrote:

> If VirusWall can be used in an interception configuration even with SSL
> connections (it is possible I think, and Henrik has explained some time
> ago on this list how it could be accomplished), then you may wish to
> implement some form of port forwarding to redirect SSL requests on port
> 443 over to the VirusWall. It will then log those requests, I presume.
> As it is, it never sees them either.

Sure, SSL can technically be "intercepted", but it won't tell you much
except that the client on IP X wants to talk to an https server on IP Y
(not even the requested domain name is known). As said, the SSL traffic is
all encrypted so there is no way of telling what is being done over the
SSL channel other than that there is some kind of traffic flowing
between the browser and the server.

Because of the minimal amount of things you can do with intercepted SSL
traffic (either blindly forward it without knowing what it is, or drop
the connection) I see no reason why to intercept it. Plain old
packet-based firewalling can do just as well if control is what you want,
and is a whole lot less disturbing to your users.

Regards
Henrik Nordström
Squid Hacker
Received on Fri Oct 05 2001 - 15:38:24 MDT
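To make Henrik's point concrete, here is an added example (not code from the original thread or from Squid) that parses the one cleartext message an intercepting proxy can read, the ClientHello, and returns everything it can learn: protocol version, offered cipher suites and, if present, the SNI host name. The SNI extension was standardised after this 2001 message, which is why Henrik says even the domain name was unknown; the ClientHello bytes are constructed by the builder below, not captured traffic.

```python
import struct

def build_client_hello(server_name=None):
    """Construct a minimal TLS 1.0 ClientHello record (test input, not a capture)."""
    body = b"\x03\x01" + bytes(32)                          # client_version, random
    body += b"\x00"                                         # empty session_id
    body += struct.pack("!H", 4) + b"\x00\x2f\x00\x35"      # two cipher suites
    body += b"\x01\x00"                                     # one compression method: null
    if server_name is not None:                             # optional server_name extension
        host = server_name.encode()
        sni_list = b"\x00" + struct.pack("!H", len(host)) + host    # name_type=host_name
        ext = struct.pack("!HH", 0, len(sni_list) + 2) + struct.pack("!H", len(sni_list)) + sni_list
        body += struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + struct.pack("!I", len(body))[1:] + body  # HandshakeType client_hello + 24-bit len
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs   # record: handshake, TLS 1.0

def parse_client_hello(data):
    """Return the cleartext fields an interceptor can read from a ClientHello.
    Everything after the handshake is encrypted, so this is all it ever sees."""
    if data[0] != 0x16 or data[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    p = 9                                                   # record header (5) + handshake header (4)
    version = "%d.%d" % (data[p], data[p + 1])
    p += 2 + 32                                             # client_version + random
    p += 1 + data[p]                                        # session_id
    cs_len = struct.unpack("!H", data[p:p + 2])[0]
    p += 2
    suites = [struct.unpack("!H", data[i:i + 2])[0] for i in range(p, p + cs_len, 2)]
    p += cs_len
    p += 1 + data[p]                                        # compression methods
    sni = None
    if p < len(data):                                       # extensions block present
        ext_end = p + 2 + struct.unpack("!H", data[p:p + 2])[0]
        p += 2
        while p + 4 <= ext_end:
            etype, elen = struct.unpack("!HH", data[p:p + 4])
            p += 4
            if etype == 0:                                  # server_name: list_len(2) type(1) len(2) name
                nlen = struct.unpack("!H", data[p + 3:p + 5])[0]
                sni = data[p + 5:p + 5 + nlen].decode()
            p += elen
    return {"version": version, "cipher_suites": suites, "sni": sni}
```

Without the extension the parser reports nothing but a version and cipher list, which is exactly the "IP X wants an https server on IP Y" situation the message describes; a packet filter on port 443 gives the same control with no proxy in the path.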
