I do use ssl bump again it requires certificates installed on the devices, and or some and a splice for the others. You must also add a url list for items that must never be intercepted like banks etc. I agree it is not an easy task, it took me years to get it to work correctly for what I needed. When it does work it works beautifully, you can cache updates and reuse them, you can use clam AV on https traffic. It’s not for everyone it will make you a wizard level 1000 if you can get it going. Sent from my iPhone
> On May 23, 2024, at 08:49, Alex Rousskov <rouss...@measurement-factory.com> > wrote: > > On 2024-05-22 03:49, Robin Wood wrote: > >> I'm trying to work out how to add an extra header to a TLS connection. > > I assume that you want to add a header field to an HTTP request or response > that is being transmitted inside a TLS connection between a TLS client (e.g., > a user browser) and an HTTPS origin server. > > Do you control the client that originates that TLS connection (or its > OS/environment) or the origin server? If you do not, then what you want is > impossible -- TLS encryption exists, in part, to prevent such traffic > modifications. > > If you control the client that originates that TLS connection (or its > OS/environment), then you may be able to, in _some_ cases, add that header by > configuring the client (or its OS/environment) to trust you as a Certificate > Authority, minting your own X509 certificates, and configuring Squid to > perform a "man in the middle" attack on client-server traffic, using your > minted certificates. You can search for Squid SslBump to get more information > about this feature, but the area is full of insurmountable difficulties and > misleading advice. Avoid it if at all possible! > > > HTH, > > Alex. > > >> I've found information on how to do it on what I think is the pre-3.5 >> release, but I can't find any useful information on doing it on the current >> version. >> Could someone give me an example or point me at some documentation on how to >> do it. >> Thanks >> Robin >> _______________________________________________ >> squid-users mailing list >> squid-users@lists.squid-cache.org >> https://lists.squid-cache.org/listinfo/squid-users > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > https://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
