On 2025-10-20 14:44, Matus UHLAR - fantomas wrote:
On 20.10.25 10:59, Jonathan Lee wrote:
There is also a setting called t-proxy. I tried it, and it seems to work well
when compared to intercept and transparent. I read about it; in pfSense
you have to adapt the config to make it work.
Tproxy means transparent/intercept (it's the same) + changing outgoing
IP address as if the connection went from clients' original IP address.
The rest is still the same.
On Oct 20, 2025, at 09:41, Alex Rousskov
<[email protected]> wrote:
On 2025-10-20 05:29, Gonzalo Vázquez Enjamio wrote:
My question is if it would be possible to log HTTPS traffic, in a
Squid in transparent mode, without intercepting the traffic?
I know it's possible with a proxy in explicit mode, but in
transparent mode?
Your earlier question had "without using an SSL Bump" condition. I
assume your revised question uses that condition as well.
I believe I have answered your earlier question, but since you are
asking a similar question again, I assume that my earlier response
was problematic. I do not know what that problem was, and you have
not told me why that earlier answer was not satisfactory, but perhaps
there is a conflict in terminology:
* How do you define "transparent mode"?
* How do you define "intercepting the traffic"?
* Do you want to log individual HTTP(S) transaction details (e.g.,
request URLs) or just TCP-level connection details (e.g., IP
addresses and ports)?
I believe that with a bit of tweaking, even a spliced SSL connection could
be logged as "CONNECT %ssl::>sni",
thus revealing at least the requested server name of the destination server (if
available).
Yes, in cases where TLS SNI information is not encrypted _and_ Squid is
doing SslBump actions to extract that information.
Gonzalo Vázquez Enjamio's original question excluded SslBump, but we
still do not know exactly what needs to be logged and in what setup. We
can add "client-origin TLS handshake info" to the list of things that
can be logged (in some cases, with some SslBump features enabled).
Alex.
On Fri, 17 Oct 2025 at 15:24, Alex Rousskov wrote:
On 2025-10-17 05:57, Gonzalo Vázquez Enjamio wrote:
> Is it possible to handle HTTPS requests and log them in a transparent
> proxy with Squid without using an SSL Bump?
If you are asking about intercepted TLS connections (i.e. https_port),
then all Squid can do with them (without SslBump) is to log TCP-level
details of each connection. No individual HTTP requests are visible to
Squid in this setup.
If you are asking about plain text HTTP requests for "https://..."
targets/URLs arriving on an intercepted plain TCP connection (i.e.
http_port), then Squid should be able to handle (e.g., deny, forward,
cache, and log) those requests individually.
If you do not know which case applies to you, it is most likely the
first case because plain "GET https://..." requests are rare and are
usually seen in non-intercepting setups.
_______________________________________________
squid-users mailing list
[email protected]
https://lists.squid-cache.org/listinfo/squid-users
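
The SNI logging discussed in this thread (peek at the TLS handshake, then splice), written out as an added squid.conf example that is not from any of the posters. It assumes Squid 4 or later built with OpenSSL support; the port number, file paths and the logformat name are placeholders, and the firewall rules that redirect traffic to the port are not shown.

```squidconf
# Added example: log the TLS SNI of intercepted connections without decrypting.
# Assumptions (not from the thread): Squid 4+ built with OpenSSL, port 3129,
# and the file paths below, which are placeholders.

# Intercepted TLS arrives here. ssl-bump must be enabled on the port for Squid
# to look at the handshake at all. The certificate is required by the port
# configuration but is not used for connections that are spliced.
https_port 3129 intercept ssl-bump tls-cert=/etc/squid/placeholder-ca.pem

# Step 1: read the client's TLS ClientHello (including SNI, when sent in clear).
acl step1 at_step SslBump1
ssl_bump peek step1

# After peeking, pass the bytes through untouched: no decryption and no
# certificate substitution, so individual HTTPS requests stay invisible.
ssl_bump splice all

# One line per connection: time, client IP, Squid status, method, SNI, and the
# SslBump action that was applied.
logformat tls_sni %ts.%03tu %>a %Ss/%03>Hs %rm %ssl::>sni %ssl::bump_mode
access_log daemon:/var/log/squid/tls_sni.log logformat=tls_sni
```

This still counts as using SslBump features, so it does not meet a strict "without SslBump" requirement; without them only TCP-level details of each intercepted connection can be logged.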