Hey all,
So I'm going to try and get some visibility into tls traffic. Not
concerned with the sslbumping of the traffic, but what I DON'T know
what to do is what to do with the traffic once it's decrypted. This
squid machine runs IDS software as well, so my hope was to have the IDS
software listen to traffic that'd decrypted, but for the life of me I'm
not sure where to start. Does squid pipe out a stream? Or does the
IDS listen to a different "interface"? Is this where ICAP comes in?
Thanks for any assistance...just starting out so thought this would be
the best place to start.
James
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
