> From: csn233 <csn233_at_gmail.com>
>Sent: Monday, 29 July 2013 10:40 PM
>Subject: Re: [squid-users] Basic questions on transparent/intercept proxy
>On Sun, Jul 28, 2013 at 9:11 PM, Amm <ammdispose-squid_at_yahoo.com> wrote:
>> ----- Original Message -----
>>
>>> From: csn233 <csn233_at_gmail.com>
>>> To: "squid-users_at_squid-cache.org" <squid-users_at_squid-cache.org>
>>
>>>To intercept HTTPS traffic, is SSL-bump a must? Even when I only want
>>> to record the CONNECT traffic in access.log just like a normal forward
>>> proxy without decrypting anything?
>>
>> No. But it will log only IPs not the host name or URL.
>>
>> Amm
>No, as in ssl-bump is not a requirement for HTTPS traffic to be
>logged? Your answer seems to be different from other replies. Can you
>provide examples of how?
I am not sure if I understood your previous question right. I think what others said is right.
Here is what I have done. (simplified version)
https_port 8081 intercept ssl-bump generate-host-certificates=on cert=/etc/squid/ssl_cert/squid.pem
#ssl_bump none all #<--- this line is not required
So ssl-bump as a keyword is required on https_port but you dont need ssl_bump ACL line (by default it bumps nothing).
Traffic will be logged just as IP. (Not actual hostname)
Regards,
Amm.
Received on Mon Jul 29 2013 - 19:01:13 MDT
This archive was generated by hypermail 2.2.0 : Tue Jul 30 2013 - 12:00:27 MDT