[KLUG Members] passing https through a "firewall"

Adam Tauno Williams adam at morrison-ind.com
Mon Jul 26 10:47:16 EDT 2004


> > > I would be curious to see the details of your implementation.  Recording information
> > > about encrypted traffic (the transmission of the URL is
> > > encrypted)....should be interesting.
> > I checked my squid logs, and only the base URL is logged for https
> > sites.  i.e.:  CONNECT www.membershipme.com:443 usr DIRECT/65.218.28.36
> These logs can be obtained with IPTABLES rules as well without involving
> the user-space (except the logger daemon).  The IPTABLES method would
> probably be more efficient.
> But, if it is not broke, don't fix it.

To some extent yes, but iptables works on the IP level.  Squid allows
access rules to be constructed using DNS names and regular expressions.
So, for example, you'd need ~12 iptables rules to allow access to
database.clamav.org so that hosts can update their anti-virus data;
this is because this DNS name resolves to a whole bunch of different
machines and you more or less get one on a random basis.  But with squid
you can just grant access to 'database.clamav.org', and squid's resolver
thread will process this dynamically, so even if they add/remove servers
you don't need to do anything (always a good thing!).  iptables vs.
squid depends a lot on how granular and/or draconian you need to be about
access control.
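The name-based rule described in the post, written out as a Squid ACL. This is an added example, not configuration from the thread; the ACL names (av_update, SSL_ports) are the example's own.

```conf
# Added example: allow HTTPS CONNECT tunnels to the ClamAV mirror pool
# by DNS name. Squid resolves database.clamav.org per request, so mirror
# addresses that are added or removed need no rule change. An iptables
# rule written with the same hostname is expanded into one address rule
# per A record returned when the rule is loaded, and goes stale after.

acl SSL_ports port 443
acl CONNECT method CONNECT

# Exact host match. Writing ".clamav.org" instead would match the
# domain and every subdomain of it.
acl av_update dstdomain database.clamav.org

# Tunnels to the mirror pool are allowed only on 443 ...
http_access allow CONNECT av_update SSL_ports
# ... and every other CONNECT is refused, so the proxy cannot be used
# as a generic TCP tunnel. Allowed and refused tunnels both appear in
# access.log only as "CONNECT host:443": the URL path stays inside the
# TLS session, which is all the log can show for https.
http_access deny CONNECT

# Rules for plain HTTP traffic follow here.
```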
