Hi list. I have a squid proxy with URL filtering and file AV scanning composed of OpenBSD 4.8 + squid-2.7-STABLE7 + squidGuard + havp. All works fine, but I'm not able to get https traffic scanned. To avoid this, we can use squid-3.1.11 with the ssl-bump feature. At this point I've tried to set up this configuration on a "linux" host, to avoid breaking my firewall, on Slackware 13.1 + squid-3.1.11 + sslbump + c-icap + squidclamav-6.0 + squidGuard + clamav.

From http://wiki.squid-cache.org/Features/SslBump:

Squid-in-the-middle decryption and encryption of straight CONNECT and transparently redirected SSL traffic, using configurable client- and server-side certificates. While decrypted, the traffic can be inspected using ICAP.

At this point no explanation of sslbump is needed.
All HTTP and HTTPS traffic will be scanned greatly.

I've also tried to set up an environment with: Slackware 13.1 + squid-3.1.11 + sslbump + havp + clamav + squidguard. The point is that, to get squid working with havp, I must insert a parent (cache_peer) pointing to havp, and then when squid gets the request from a client, it sends the request to havp, and havp says (rightly) that the request is an invalid request, returning the havp page. Is there a method to avoid this? Or is the problem related only to havp, which cannot "see" https traffic?

Another question is about security. With this method, the SSL communication between two endpoints is broken with squid in the middle. What are the security implications of using this method? Are there many pros versus cons to using this solution?

The last question: why does OpenBSD not get squid-3.x instead of 2.7-x?

Thanks in advance
