On 12/10/10 19:44, Boniforti Flavio wrote:
Woooops... I thought I already replied, but instead my mail was in the
drafts folder :-/ So here I go:

Hello Amos and thanks for your reply.

[cut]

3) would I completely miss the traffic done in HTTPS in my webalizer
stats, if there'd be no way to have transparently proxied HTTPS
requests?

This is only a problem due to the "transparent".

If you can discard the "transparent" part of the setup the
client browsers will send their HTTPS requests to Squid using
CONNECT method, which gives webalizer all the client IP and
destination domain details along with traffic sent/received
there. All that's missing is the particular files being fetched.

OK, I've played around with this: I configured my own browser to use the
proxy and watched the access.log file. I saw those CONNECT connections,
and the fact that I'd miss the files being fetched, would be 100% ok for
me.

Alternatives are to use firewall traffic accounting which can
just as easily be gathered. Such as which client IP is using
port 443 (HTTPS) to contact which external IPs and how much
traffic they sent/received.

Of course, but then I would have the problem to "add" that info to my
webalizer logs. Would there be any way to "sum it up" to all the proxied
traffic?

In Linux the xtables-addons iptables stuff has some interesting looking accounting modules. Though I have yet to hear of any products that make it easy to use.

RADIUS I've heard has its own traffic accounting systems if you can find and/or pay for them.


Ah, BTW: as I *do not* intend to cache HTTPS traffic/requests, would it
be easier to set up this sort of "logging/filtering"?

What is easier depends on your network setup.

I manage many different customer networks and there my primary goal is
to avoid users being able to bypass my proxy (which I use to filter
sites based on URLs).
By using transparent mode, I have full control over network traffic: I
can configure iptables and squid to do what I want them to. Actually, my
users have discovered how to change proxy settings (even if configured
by Windows Group Policies, because many are using alternative browsers
like Firefox, Opera, and so on). So my countermeasure would be to use
the transparent mode.

Ouch. Yes interception can be a useful backup. Just so long as you know that it has limits and can actually bypass Squid security ACL in the right/wrong hands.


My second goal (less important, but I want complete and precise data) is
to have *all* the internet traffic showing up in webalizer reports: how
to achieve both things?

Sadly I'm in the dark here too. I had to roll my own graphs with a database of traffic logs.


Kind regards and thanks for helping me out (and making me brainstorm a
bit) ;-)


Welcome. And good luck.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.8
  Beta testers wanted for 3.2.0.2
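
Added example (not part of the original thread and not Squid project code): one way to total the CONNECT entries discussed above per client IP and destination host, reading access.log in Squid's default native format. The sample log lines, addresses and the function name `connect_totals` are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1286869440.101    842 192.168.1.20 TCP_MISS/200 5120 CONNECT mail.example.com:443 - DIRECT/203.0.113.10 -
1286869441.550    120 192.168.1.20 TCP_MISS/200 2048 GET http://www.example.org/index.html - DIRECT/203.0.113.20 text/html
1286869450.003   3010 192.168.1.21 TCP_MISS/200 90000 CONNECT bank.example.net:443 - DIRECT/203.0.113.30 -
1286869460.777    410 192.168.1.20 TCP_MISS/200 1024 CONNECT mail.example.com:443 - DIRECT/203.0.113.10 -
1286869461.000      0 192.168.1.22 TCP_DENIED/403 1500 CONNECT blocked.example.com:443 - NONE/- text/html
truncated line
"""

def connect_totals(lines):
    """Return (bytes per (client, host), denied count per (client, host))
    for CONNECT requests only; plain HTTP entries are left to webalizer."""
    totals = defaultdict(int)
    denied = defaultdict(int)
    for line in lines:
        fields = line.split()
        # Skip short/garbled lines and anything that is not a CONNECT tunnel.
        if len(fields) < 7 or fields[5] != "CONNECT":
            continue
        client, result, size, target = fields[2], fields[3], fields[4], fields[6]
        # For CONNECT the URL field is "host:port"; no path is ever logged.
        host, _, _port = target.rpartition(":")
        if not host or not size.isdigit():
            continue
        if result.startswith("TCP_DENIED"):
            # Blocked by an ACL: count the attempt, not the error-page bytes.
            denied[(client, host)] += 1
            continue
        # The native size field is the amount of data delivered to the client.
        totals[(client, host)] += int(size)
    return dict(totals), dict(denied)

if __name__ == "__main__":
    totals, denied = connect_totals(SAMPLE_LOG.splitlines())
    for (client, host), size in sorted(totals.items()):
        print(f"{client} -> {host}: {size} bytes")
    for (client, host), count in sorted(denied.items()):
        print(f"{client} -> {host}: {count} denied CONNECT request(s)")
```

This only sees clients that are explicitly configured to use the proxy; intercepted port 443 traffic never produces these CONNECT lines.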
