On 2025-10-20 05:29, Gonzalo Vázquez Enjamio wrote:

> My question is if it would be possible to log HTTPS traffic, in a Squid in transparent mode, without intercepting the traffic?
>
> I know it's possible with a proxy in explicit mode, but in transparent mode?

Your earlier question had "without using an SSL Bump" condition. I assume your revised question uses that condition as well.

I believe I have answered your earlier question, but since you are asking a similar question again, I assume that my earlier response was problematic. I do not know what that problem was, and you have not told me why that earlier answer was not satisfactory, but perhaps there is a conflict in terminology:

* How do you define "transparent mode"?

* How do you define "intercepting the traffic"?

* Do you want to log individual HTTP(S) transaction details (e.g., request URLs) or just TCP-level connection details (e.g., IP addresses and ports)?

Alex.


On Fri, 17 Oct 2025 at 15:24, Alex Rousskov wrote:

    On 2025-10-17 05:57, Gonzalo Vázquez Enjamio wrote:

     > Is it possible to handle HTTPS requests and log them in a transparent
     > proxy with Squid without using an SSL Bump?

    If you are asking about intercepted TLS connections (i.e. https_port),
    then all Squid can do with them (without SslBump) is to log TCP-level
    details of each connection. No individual HTTP requests are visible to
    Squid in this setup.

    If you are asking about plain text HTTP requests for "https://..."
    targets/URLs arriving on an intercepted plain TCP connection (i.e.
    http_port), then Squid should be able to handle (e.g., deny, forward,
    cache, and log) those requests individually.

    If you do not know which case applies to you, it is most likely the
    first case because plain "GET https://..." requests are rare and are
    usually seen in non-intercepting setups.


    HTH,

    Alex.


_______________________________________________
squid-users mailing list
[email protected]
https://lists.squid-cache.org/listinfo/squid-users
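
The two cases in the quoted answer can be told apart from what ends up in access.log. The following is an added example, not part of the thread and not Squid code. It assumes Squid's default `squid` logformat and assumes that connections logged at TCP level only show up as CONNECT entries whose target is an IP address and port; the sample log lines are constructed.

```python
import ipaddress

# Constructed sample entries in the default "squid" logformat (not real traffic).
SAMPLE_LOG = """\
1760950000.123    845 192.0.2.10 TCP_TUNNEL/200 5120 CONNECT 203.0.113.7:443 - ORIGINAL_DST/203.0.113.7 -
1760950001.456     32 192.0.2.11 TCP_MISS/200 1830 GET https://example.com/index.html - HIER_DIRECT/198.51.100.5 text/html
1760950002.789     12 192.0.2.12 TCP_MISS/200 920 GET http://example.org/ - ORIGINAL_DST/198.51.100.9 text/html
1760950003.001    310 192.0.2.13 TCP_TUNNEL/200 4096 CONNECT example.net:443 - HIER_DIRECT/198.51.100.20 -
this line is malformed
"""

def parse_line(line):
    """Split one default-format entry into named fields; None if malformed."""
    parts = line.split()
    if len(parts) < 10 or not parts[4].isdigit():
        return None
    code, _, status = parts[3].partition("/")
    return {"client": parts[2], "code": code, "status": status,
            "bytes": int(parts[4]), "method": parts[5], "target": parts[6]}

def visibility(entry):
    """Say how much of the transaction the proxy was able to record."""
    if entry["method"] != "CONNECT":
        return "http-request"          # full URL logged (http_port case)
    host, _, _port = entry["target"].rpartition(":")
    try:
        ipaddress.ip_address(host.strip("[]"))
        return "tcp-only"              # only destination address and port known
    except ValueError:
        return "connect-hostname"      # host name supplied, as in an explicit CONNECT

def summarize(text):
    """Count entries per visibility class, skipping malformed lines."""
    counts = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        kind = visibility(entry)
        counts[kind] = counts.get(kind, 0) + 1
    return counts

if __name__ == "__main__":
    for kind, n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{kind}: {n}")
```

A log dominated by `tcp-only` entries corresponds to the first case in the quoted answer, where no individual HTTP requests are visible.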
