There is also a setting called t-proxy I tried it seems to work well when compared to intercept and transparent. I read about it in pfSense you have to adapt the config to make it work. Sent from my iPhone
> On Oct 20, 2025, at 09:41, Alex Rousskov <[email protected]> > wrote: > > On 2025-10-20 05:29, Gonzalo Vázquez Enjamio wrote: > >> My question is if it would be possible to log HTTPS traffic, in a Squid in >> transparent mode, without intercepting the traffic? >> I know it's possible with a proxy in explicit mode, but in transparent mode? > > Your earlier question had "without using an SSL Bump" condition. I assume > your revised question uses that condition as well. > > I believe I have answered your earlier question, but since you are asking a > similar question again, I assume that my earlier response was problematic. I > do not know what that problem was, and you have not told me why that earlier > answer was not satisfactory, but perhaps there is a conflict in terminology: > > * How do you define "transparent mode"? > > * How do you define "intercepting the traffic"? > > * Do you want to log individual HTTP(S) transaction details (e.g., request > URLs) or just TCP-level connection details (e.g., IP addresses and ports)? > > Alex. > > >> El vie, 17 oct 2025 a las 15:24, Alex Rousskov escribió: >> On 2025-10-17 05:57, Gonzalo Vázquez Enjamio wrote: >> > Is it possible to handle HTTPS requests and log them in a >> transparent >> > proxy with Squid without using an SSL Bump? >> If you are asking about intercepted TLS connections (i.e. https_port), >> then all Squid can do with them (without SslBump) is to log TCP-level >> details of each connection. No individual HTTP requests are visible to >> Squid in this setup. >> If you are asking about plain text HTTP requests for "https://..."; >> targets/URLs arriving on an intercepted plain TCP connection (i.e. >> http_port), then Squid should be able to handle (e.g., deny, forward, >> cache, and log) those requests individually. >> If you do not know which case applies to you, it is most likely the >> first case because plain "GET https://..."; requests are rare and are >> usually seen in non-intercepting setups. >> HTH, >> Alex. > > _______________________________________________ > squid-users mailing list > [email protected] > https://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list [email protected] https://lists.squid-cache.org/listinfo/squid-users
