[KLUG Members] passing https through a "firewall"

Phillip Hofmeister plhofmei at antiochcomputerconsulting.com
Thu Jul 22 19:08:21 EDT 2004


I would be curious to see the details of your implementation.  Recording
information about encrypted traffic (the transmission of the URL is
encrypted)... should be interesting.

On Thu, 22 Jul 2004 at 04:32:38PM -0400, Bruce Smith wrote:
> > > > You [obviously] can't proxy https traffic.
> > > 
> > > You can proxy it (I do it with squid), you just can't content filter it.
> > 
> > What good is proxying if all you can record is the IP address of the
> > host they were connecting to?  
> 
> What's the good of SSL if someone in the middle can read the traffic?
> 
> > I can do that with an IPTABLES log
> > through the kernel w/o having to bog down the user-space more.
> 
> Squid also records the URL in its log, and you can filter on URLs.
> You just can't filter on the traffic (content) since it's encrypted.
> 
> You can also configure squid to only allow authenticated traffic through
> to the internet.  Our squid server pops up a user/password box on the
> browser the first time a user tries to go out.  If their userid isn't in
> the internet group, they don't get to surf (SSL or plain text).
> 
>  - BS

-- 
Phillip Hofmeister
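
Added illustration, not part of the original thread: when a browser is configured to use a forward proxy, HTTPS is tunnelled with the CONNECT method, so the proxy's log entry carries the destination host and port and the authenticated user, but no path or query string. The script below parses constructed lines laid out like Squid's native access.log; the hosts, users and addresses are made up.

```python
from urllib.parse import urlsplit

# Constructed sample, native access.log field order:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1090523301.120    210 192.168.1.20 TCP_MISS/200 5120 GET http://www.example.com/docs/page.html?id=7 alice DIRECT/192.0.2.10 text/html
1090523305.480   1830 192.168.1.20 TCP_MISS/200 18234 CONNECT bank.example.net:443 alice DIRECT/192.0.2.44 -
1090523310.002      3 192.168.1.31 TCP_DENIED/407 1650 CONNECT mail.example.org:443 - NONE/- text/html
1090523312.771    950 192.168.1.31 TCP_MISS/200 7421 CONNECT mail.example.org:443 bob DIRECT/192.0.2.80 -
"""

def parse_line(line):
    """Return a dict of what the proxy could see for one request, or None."""
    f = line.split()
    if len(f) < 10:
        return None  # not a complete native-format entry
    result, _, status = f[3].partition("/")
    method, target, user = f[5], f[6], f[7]
    if method == "CONNECT":
        # Tunnel request: the target is only host:port, there is no path.
        host, _, port = target.rpartition(":")
        port, path = int(port), None
    else:
        u = urlsplit(target)
        host = u.hostname
        port = u.port or (443 if u.scheme == "https" else 80)
        path = u.path + ("?" + u.query if u.query else "")
    return {"client": f[2], "result": result, "status": int(status),
            "method": method, "host": host, "port": port, "path": path,
            "user": None if user == "-" else user}

def parse_log(text):
    return [r for r in map(parse_line, text.splitlines()) if r]

def tunnels_by_user(records):
    """Map each authenticated user to the host:port tunnels that were allowed."""
    out = {}
    for r in records:
        if r["method"] == "CONNECT" and r["status"] == 200 and r["user"]:
            out.setdefault(r["user"], set()).add(f'{r["host"]}:{r["port"]}')
    return out

if __name__ == "__main__":
    for rec in parse_log(SAMPLE_LOG):
        print(rec["user"], rec["method"], rec["host"], rec["port"], rec["path"])
    print(tunnels_by_user(parse_log(SAMPLE_LOG)))
```

The 407 entry is the proxy's authentication challenge: it has no user yet and is left out of the per-user summary.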

