On 21/06/2013 1:07 p.m., sjaipuri wrote:
> Thanks Amos for your response.
>
> Just like to clarify, do you mean squid only sends request/response header
> to ICAP?
>
> (If I understood right then) some of the service on ICAP are used for virus
> detection in which they access the content of all packet. I might need to
> read more on this.
No. Squid sends the whole messages. But only for messages which are
parseable by Squid using plain-text HTTP parser. The SSL-bumping
converts HTTPS CONNECT tunnels into a series of plain HTTP requests for
https:// URLs before that parsing process so ICAP can be sent them.
Are you perhapse confusing binary payload objects for encrypted HTTPS
traffic?
At the *very* least you will be seeing the plain-text ICAP protocol
headers in your tcpdump if you are grabbing the ICAP traffic like you
say you are.
> Do you know anyone using which I can have access of https traffic in plain
> text format on squid or ICAP ?
Everyone using SSL-bump feature successfully, and there are quite a few now.
Amos
Received on Fri Jun 21 2013 - 01:36:25 MDT
This archive was generated by hypermail 2.2.0 : Fri Jun 21 2013 - 12:00:36 MDT