> Hello,
>
> I'd like to filter URLs used with https, in transparent proxy mode.
>
> I understand that once the HTTPs encrypts the payload between the web
> client and the web server, there is no way to snooping the encrypted
> data without breaking/failing crypto.
> But all I need is to be able to apply blacklisted URLs to the HTTPs
> requests, and the URLs appear in the clear in HTTPS packets (no
> encryption).
>
> Is there any way to achieve that with squid?
> If not, how do people achieve filtering of blacklisted URLs on HTTPs
> traffic transparent to the PCs (no configuration on the PCs allowed)
> -- considering all the other Linux tools?
Squid 3.1 has an SSLBump feature which may be twisted to handle SSL
interception. But we have as yet had no confirmed success with that. It is
designed for standard forward-proxies, so no guarantees.
Other than that very small ray of hope, there is no capability in squid
for intercepting and decrypting of SSL traffic.
What you are attempting to do after all is a middle-man attack on your
customers security systems. It's far better to be open and public about
the proxy. Publish details and get clients to configure it either directly
or via WPAD/PAC.
Amos
Received on Mon Aug 11 2008 - 00:15:09 MDT
This archive was generated by hypermail 2.2.0 : Wed Aug 13 2008 - 12:00:03 MDT