On 20/10/2025 22:29, Gonzalo Vázquez Enjamio wrote:
Thanks for the reply.
My question is if it would be possible to log HTTPS traffic, in a Squid
in transparent mode, without intercepting the traffic?
You are a bit confused there. "transparent mode" is interception.
Consider - how is Squid to know what the **encoded** traffic is?
"outside" the encryption there is:
* a TCP handshake, and
* a CONNECT request (possibly created by Squid from those TCP
handshake details), and
* a TLS handshake
Those details can be logged. Everything else is encrypted.
I know it's possible with a proxy in explicit mode, but in transparent mode?
The only difference between explicit proxy and intercepted is the values
the TCP and CONNECT pieces contain. The parts that are available are the
same.
An explicit proxy listening on port 443 **is** decrypting the traffic.
That is why it can be logged.
HTH
Amos
_______________________________________________
squid-users mailing list
[email protected]
https://lists.squid-cache.org/listinfo/squid-users
