Re: [squid-users] Squid, https , MITM and Antivirus

2006-10-21 Thread Jakob Curdes

Andreas Moroder wrote:


Hello,

today on our proxy server we have an antivirus between the client and 
squid. The antivirus listens on 3128 and then passes the packets to 
squid via 3130. That's fine with http. The problem is that users access 
external webmail sites via https and download virus infected files 
that can not be scanned by the antivirus.


You cannot intercept https communications with squid. This would only be 
possible after checking the certificates belonging to the connection, 
decrypting the traffic, inspecting it, caching it and afterwards 
re-encrypting it. Squid cannot do this, it is an http proxy.
Be aware that by allowing https to everywhere you are encountering 
bigger risks than your attachments only, keyword tunneling the proxy.


JC



Re: [squid-users] Squid, https , MITM and Antivirus

2006-10-21 Thread Jakob Curdes

Andreas Moroder wrote:


Hello Jakob,

I know about the tunneling problem. We discovered one PC in our 
hospital last week with a tunneling software installed.

On the other hand there are sites you need https to log in.


There are commercial interception solutions on the market. I do not know 
of an open source project. One easy solution would be to limit https 
access to a list of well-known sites such as some webmailers (but then 
you are back at the attachment problem) and homebanking sites.


JC
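
The allow-list approach suggested in the reply above, sketched as a squid.conf fragment. This is an added example, not part of the original thread; the file path and the domain names are assumptions.

```conf
# squid.conf fragment (added example; path and domains are placeholders)

acl SSL_ports port 443
acl CONNECT method CONNECT

# Weak setting: every CONNECT to port 443 is accepted, so any HTTPS host
# is reachable, including a tunnel endpoint that listens on 443.
# http_access allow CONNECT SSL_ports

# Restricted setting: CONNECT is accepted only for listed domains.
# /etc/squid/https_allowed.txt (assumed path) holds one entry per line:
#   .webmail.example.com
#   .bank.example.net
acl https_allowed dstdomain "/etc/squid/https_allowed.txt"

# http_access is evaluated top-down and the first match wins, so these
# deny rules must come before the rule that allows the client network.
http_access deny CONNECT !SSL_ports
http_access deny CONNECT !https_allowed
```

Downloads from the listed HTTPS sites still pass through the proxy encrypted, so the antivirus in front of squid does not see them.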