[KLUG Members] passing https through a "firewall"
Bruce Smith
bruce at armintl.com
Thu Jul 22 22:31:35 EDT 2004
> I would be curious to see the details of your implementation. Recording information
> about encrypted traffic (the transmission of the URL is
> encrypted)....should be interesting.
I checked my squid logs, and only the base URL is logged for https
sites. i.e.: CONNECT www.membershipme.com:443 usr DIRECT/65.218.28.36
(plus some other info that I think is bytes, date, cache status and a
couple other fields I'm not sure about without looking them up)
- BS
> > > > > You [obviously] can't proxy https traffic.
> > > >
> > > > You can proxy it (I do it with squid), you just can't content filter it.
> > >
> > > What good is proxying if all you can record is the IP address of the
> > > host they were connecting to?
> >
> > What's the good of SSL if someone in the middle can read the traffic?
> >
> > > I can do that with an IPTABLES log
> > > through the kernel w/o having to bog down the user-space more.
> >
> > Squid also records the URL in its log, and you can filter on URLs.
> > You just can't filter on the traffic (content) since it's encrypted.
> >
> > You can also configure squid to only allow authenticated traffic through
> > to the internet. Our squid server pops up a user/password box on the
> > browser the first time a user tries to go out. If their userid isn't in
> > the internet group, they don't get to surf (SSL or plain text).
> >
> > - BS
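
An added example, not part of the original post or of Squid itself: a small parser showing what an access.log entry exposes for an HTTPS tunnel (host, port, user, peer IP, byte count) compared with a plain HTTP request (full path and query). It assumes Squid's default native log format; the sample lines are constructed, with only the CONNECT target and peer taken from the excerpt quoted above.

```python
"""Added example: fields a Squid native-format access.log keeps for HTTPS."""
from collections import defaultdict

# Field order of Squid's native access.log format.
FIELDS = ("time", "elapsed_ms", "client", "result", "bytes",
          "method", "url", "user", "peer", "mime")

# Constructed sample lines: client addresses, times and sizes are invented.
SAMPLE_LOG = """\
1090549895.123 5021 192.168.1.20 TCP_MISS/200 3841 CONNECT www.membershipme.com:443 usr DIRECT/65.218.28.36 -
1090549901.456 88 192.168.1.20 TCP_MISS/200 10422 GET http://www.example.com/news/story.html?id=7 usr DIRECT/192.0.2.10 text/html
1090549910.789 2 192.168.1.31 TCP_DENIED/407 1720 CONNECT www.example.org:443 - NONE/- text/html
"""

def parse_line(line):
    """Return a dict for one log line, or None if it is not native format."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    rec["code"], _, rec["status"] = rec["result"].partition("/")
    rec["bytes"] = int(rec["bytes"])
    rec["peer_ip"] = rec["peer"].partition("/")[2]
    if rec["method"] == "CONNECT":
        # Tunnel: the proxy only ever sees "host:port", never a path.
        host, _, port = rec["url"].rpartition(":")
        rec["host"], rec["port"], rec["path"] = host, int(port), None
    else:
        # Plain HTTP: the full URL, including path and query, is logged.
        rest = rec["url"].split("://", 1)[-1]
        host, slash, path = rest.partition("/")
        rec["host"], rec["port"], rec["path"] = host, None, slash + path
    return rec

def tunnels_by_user(log_text):
    """Map each authenticated user to the HTTPS tunnels the proxy allowed."""
    out = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        # Skip denied attempts (e.g. 407 before the login box is answered).
        if rec and rec["method"] == "CONNECT" and rec["status"] == "200":
            out[rec["user"]].append((rec["host"], rec["port"], rec["bytes"]))
    return dict(out)

if __name__ == "__main__":
    for user, conns in tunnels_by_user(SAMPLE_LOG).items():
        print(user, conns)
```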