On 2025-10-20 05:29, Gonzalo Vázquez Enjamio wrote:
My question is if it would be possible to log HTTPS traffic,
in a Squid in transparent mode, without intercepting the
traffic?
I know it's possible with a proxy in explicit mode, but in
transparent mode?
On Oct 20, 2025, at 09:41, Alex Rousskov
<[email protected]> wrote:
Your earlier question had "without using an SSL Bump" condition.
I assume your revised question uses that condition as well.
I believe I have answered your earlier question, but since you
are asking a similar question again, I assume that my earlier
response was problematic. I do not know what that problem was,
and you have not told me why that earlier answer was not
satisfactory, but perhaps there is a conflict in terminology:
* How do you define "transparent mode"?
* How do you define "intercepting the traffic"?
* Do you want to log individual HTTP(S) transaction details
(e.g., request URLs) or just TCP-level connection details (e.g.,
IP addresses and ports)?
On 2025-10-20 14:44, Matus UHLAR - fantomas wrote:
I believe that with bit of tweaking, even spliced SSL connection
could be logged as "CONNECT %ssl::>sni"
thus revealing at least requested server name of destination server
(if available)
On 20.10.25 15:23, Alex Rousskov wrote:
Yes, in cases where TLS SNI information is not encrypted _and_ Squid
is doing SslBump actions to extract that information.
Gonzalo Vázquez Enjamio's original question excluded SslBump, but we
still do not know exactly what needs to be logged and in what setup.
We can add "client-origin TLS handshake info" to the list of things
that can be logged (in some cases, with some SslBump features
enabled).
I understood the OP's question as "without bumping SSLconnections"
perhaps Gonzalo would like to specify (sending Cc:)
--
Matus UHLAR - fantomas, [email protected] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The early bird may get the worm, but the second mouse gets the cheese.
_______________________________________________
squid-users mailing list
[email protected]
https://lists.squid-cache.org/listinfo/squid-users
