Re: [squid-users] Squid, https , MITM and Antivirus

From: Jakob Curdes <jc@dont-contact.us>
Date: Sat, 21 Oct 2006 11:02:13 +0200

Andreas Moroder wrote:

> Hello,
>
> today on our proxy server we have an antivirus between the client and
> squid. The antivirus listens on 3128 and then passes the packets to
> squid via 3130. That's fine with http. The problem is that users access
> external webmail sites via https and download virus-infected files
> that cannot be scanned by the antivirus.
>
You cannot intercept https communications with squid. This would only be
possible after checking the certificates belonging to the connection,
decrypting the traffic, inspecting it, caching it and afterwards
re-encrypting it. Squid cannot do this, it is an http proxy.
Be aware that by allowing https to everywhere you are encountering
bigger risks than your attachments only, keyword tunneling the proxy.

JC
Received on Sat Oct 21 2006 - 02:58:23 MDT