[KLUG Members] passing https through a "firewall"

Bruce Smith bruce at armintl.com
Thu Jul 22 22:31:35 EDT 2004


> I would be curious to see the details of your implementation.  Recording information
> about encrypted traffic (the transmission of the URL is
> encrypted)....should be interesting.

I checked my squid logs, and only the base URL is logged for https
sites.  i.e.:  CONNECT www.membershipme.com:443 usr DIRECT/65.218.28.36

(plus some other info that I think is bytes, date, cache status and a
couple other fields I'm not sure about without looking them up)

 - BS


> > > > > You [obviously] can't proxy https traffic.
> > > > 
> > > > You can proxy it (I do it with squid), you just can't content filter it.
> > > 
> > > What good is proxying if all you can record is the IP address of the
> > > host they were connecting to?  
> > 
> > What's the good of SSL if someone in the middle can read the traffic?
> > 
> > > I can do that with an IPTABLES log
> > > through the kernel w/o having to bog down the user-space more.
> > 
> > Squid also records the URL in its log, and you can filter on URLs.
> > You just can't filter on the traffic (content) since it's encrypted.
> > 
> > You can also configure squid to only allow authenticated traffic through
> > to the internet.  Our squid server pops up a user/password box on the
> > browser the first time a user tries to go out.  If their userid isn't in
> > the internet group, they don't get to surf (SSL or plain text).
> > 
> >  - BS
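An added example (not from Bruce's post or from the squid project) showing what a defender can actually pull out of the CONNECT lines discussed above: it parses squid's native access.log layout (time, elapsed, client, code/status, bytes, method, URL, ident user, hierarchy/peer, type), keeps only CONNECT entries, and reports per-user destination hosts plus any tunnels to ports other than 443. The log lines are constructed samples; the host and peer IP in the first line are the ones quoted in the post.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Squid "native" access.log layout, one request per line:
#   time elapsed client code/status bytes method URL user hierarchy/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>\S+)\s+(?P<bytes>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+"
    r"(?P<user>\S+)\s+(?P<hier>\S+)\s+(?P<ctype>\S+)$"
)

# Constructed sample log: an authenticated tunnel, a 407 auth challenge,
# a plain GET (not a tunnel), and a tunnel to a non-standard port.
SAMPLE_LOG = """\
1090550000.123   2345 192.168.1.10 TCP_MISS/200 5120 CONNECT www.membershipme.com:443 usr DIRECT/65.218.28.36 -
1090550003.456     12 192.168.1.10 TCP_DENIED/407 1759 CONNECT www.membershipme.com:443 - NONE/- text/html
1090550010.789    830 192.168.1.22 TCP_MISS/200 3100 GET http://www.example.com/index.html bob DIRECT/93.184.216.34 text/html
1090550020.001   9000 192.168.1.22 TCP_MISS/200 88000 CONNECT tunnel.example.net:8443 bob DIRECT/198.51.100.7 -
"""

@dataclass
class ConnectEntry:
    client: str
    user: str
    host: str   # only host:port is visible; the path travels inside TLS
    port: int
    bytes: int
    peer: str

def parse_connect(line):
    """Return a ConnectEntry for a CONNECT log line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m or m.group("method") != "CONNECT":
        return None
    host, _, port = m.group("url").rpartition(":")
    if not port.isdigit():          # defensive: CONNECT URLs are always host:port
        return None
    peer = m.group("hier").split("/", 1)[-1]
    return ConnectEntry(m.group("client"), m.group("user"), host, int(port),
                        int(m.group("bytes")), peer)

def summarize(log_text, allowed_ports=(443,)):
    """Per-user Counter of tunnel destinations, plus tunnels to unexpected ports."""
    per_user, odd_ports = {}, []
    for line in log_text.splitlines():
        e = parse_connect(line)
        if e is None:
            continue
        per_user.setdefault(e.user, Counter())[e.host] += 1
        if e.port not in allowed_ports:
            odd_ports.append(e)
    return per_user, odd_ports
```

Entries with user "-" are requests that never passed proxy authentication (the 407 challenge the post describes), so they are worth keeping separate from the authenticated ones.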



