On 7/05/20 4:11 am, Ahmad Alzaeem wrote:
> Hello Floks ,
>
>
> We have squid 4.x
>
> We need to debug the user agents being sent from our local network .
>
> We added :
> logformat useragent %>a [%tl] "%{User-Agent}>h"
> access_log stdio:/var/log/squid/${service_name}-useragent.log useragent
Alex has already covered the main point for your issue. The below are
details I think it worth you spending some time on in addition to the
encryption.
On 7/05/20 3:18 am, Matus UHLAR - fantomas wrote:
> On 05.05.20 17:29, Ryan Le wrote:
>> Proxy-Authorization is of concern here. Most modern
On 6/05/20 10:20 pm, Arjun K wrote:
> Hi Amos
>
> Could you please share a sample configuration file containing allow and
> deny sites defined in a text file so that I can put the same format with
> my acls and validate in my environment.
>
I did in my earlier post. If you want more search the
On 05.05.20 17:29, Ryan Le wrote:
The issue is not related to the server certificate SNI. It's related to
exposing a few other sensitive data points such as the domain which is
clearly exposed in the CONNECT header. This would be exposed regardless of
TLS 1.3.
not if you talk to the proxy over
On 5/6/20 10:45 AM, Akshay Hegde wrote:
> Can you share some link or details about below
Sorry, I cannot -- it has been many years since I worked on browser
plugins, and I have heard that there were significant changes in
APIs/rights since then. Perhaps others on the mailing list can help you.
Hi Alex,
Thanks for confirming, I lost hope. Can you share some link or details
about below
> There are other ways to police
traffic (e.g., browser plugins), but they all require fiddling with the
client environment.
On Wed, May 6, 2020, 7:56 PM Alex Rousskov
wrote:
> On 5/6/20 8:58 AM,
If you need to encrypt the traffic between the browser and the proxy
perhaps you can use a VPN or a browser extension for this, that way your
traffic is encrypted on its way to the proxy.
On Tue, May 5, 2020 at 5:29 PM Ryan Le wrote:
> Hi All,
> Thanks for providing the information.
> The issue
On 5/6/20 8:58 AM, Akshay Hegde wrote:
> 1. Is there any way to filter HTTPS URLs without importing CA
> certificates on client side?
No, there is no way for a proxy to look at request URLs without the
browser trusting the proxy certificate. There are other ways to police
traffic (e.g., browser
Hi Alex,
I updated to latest squid as you suggested, and I tried SSL-Bump using
below config (which filters URLs which are in 443 too), however I have 600
users (windows, linux, Mac, mobile OS like Androd, Windows etc), so asking
them to import CA certificate in browser is not feasible.
1. Is