On 20.10.25 10:59, Jonathan Lee wrote:
There is also a setting called t-proxy. I tried it; it seems to work well when
compared to intercept and transparent. I read about it in pfSense you have to
adapt the config to make it work.
Tproxy means transparent/intercept (it's the same)
+ changing the outgoing IP address as if the connection went from the client's
original IP address.
The rest is still the same.
On Oct 20, 2025, at 09:41, Alex Rousskov <[email protected]>
wrote:
On 2025-10-20 05:29, Gonzalo Vázquez Enjamio wrote:
My question is if it would be possible to log HTTPS traffic, in a Squid in
transparent mode, without intercepting the traffic?
I know it's possible with a proxy in explicit mode, but in transparent mode?
Your earlier question had "without using an SSL Bump" condition. I assume your
revised question uses that condition as well.
I believe I have answered your earlier question, but since you are asking a
similar question again, I assume that my earlier response was problematic. I do
not know what that problem was, and you have not told me why that earlier
answer was not satisfactory, but perhaps there is a conflict in terminology:
* How do you define "transparent mode"?
* How do you define "intercepting the traffic"?
* Do you want to log individual HTTP(S) transaction details (e.g., request
URLs) or just TCP-level connection details (e.g., IP addresses and ports)?
I believe that with a bit of tweaking, even a spliced SSL connection could be
logged as "CONNECT %ssl::>sni",
thus revealing at least the requested server name of the destination server (if
available).
On Fri, 17 Oct 2025 at 15:24, Alex Rousskov wrote:
On 2025-10-17 05:57, Gonzalo Vázquez Enjamio wrote:
> Is it possible to handle HTTPS requests and log them in a transparent
> proxy with Squid without using an SSL Bump?
If you are asking about intercepted TLS connections (i.e. https_port),
then all Squid can do with them (without SslBump) is to log TCP-level
details of each connection. No individual HTTP requests are visible to
Squid in this setup.
If you are asking about plain text HTTP requests for "https://..."
targets/URLs arriving on an intercepted plain TCP connection (i.e.
http_port), then Squid should be able to handle (e.g., deny, forward,
cache, and log) those requests individually.
If you do not know which case applies to you, it is most likely the
first case because plain "GET https://..." requests are rare and are
usually seen in non-intercepting setups.
--
Matus UHLAR - fantomas, [email protected] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
99 percent of lawyers give the rest a bad name.
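
The SNI logging for spliced connections mentioned in the reply above, as an added squid.conf fragment that is not from any poster in this thread. It assumes Squid 4 or later built with OpenSSL support and traffic already redirected to the proxy by the firewall; the port number, certificate path and the format name `sni_log` are placeholders.

```conf
# Intercepted TLS port. The ssl-bump flag only enables the peek/splice
# machinery; with the rules below no connection is ever decrypted.
# Squid still requires a certificate on an ssl-bump port, even though a
# splice-only policy never uses it to sign anything (placeholder path).
https_port 3129 intercept ssl-bump tls-cert=/etc/squid/placeholder-ca.pem

# Step 1 is the point where Squid has the TCP connection but has not yet
# read the TLS ClientHello.
acl step1 at_step SslBump1

# Peek: read the ClientHello, which carries the SNI in clear text,
# without modifying or terminating the TLS session.
ssl_bump peek step1

# Splice everything: relay the TLS bytes between client and server
# unchanged. No man-in-the-middle, no client-side CA deployment.
ssl_bump splice all

# Log one line per connection: timestamp, client IP, Squid status,
# method (CONNECT for these tunnels), the SNI the client sent ("-" if
# none was sent), the SslBump action taken, and the server IP.
logformat sni_log %ts.%03tu %>a %Ss/%03>Hs %rm %ssl::>sni %ssl::bump_mode %<a
access_log daemon:/var/log/squid/access.log sni_log
```

The SNI field is client-supplied and unauthenticated, so treat it as a hint about the destination and keep the server IP column next to it for correlation.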