On 12/01/2026 21:44, Matus UHLAR - fantomas wrote:
On 11.01.26 16:58, Ben Goz wrote:
My customer netskope cloud configures forward to proxy to my squid proxy.
The forwarding works only if Netskope's ssl decryption disabled, If ssl
decryption enabled
I can't see in the access log the traffic forwards to squid from
Netskope.
I suspect that Netskope forwards encrypted data to squid but I'm not sure
that is the case because the Connect request is never encrypted and I
don't
see it on the access log.
Anyones know how Netskope and squid can work together without disabling
Netskope decryption (MITM)?
This is completely issue of netskope proxy.
If netskope proxy decides to forward or not to forward request to squid,
squid can't do anything with it.
Nod. If there is no CONNECT tunnel request reaching Squid then it is not
being forwarded in the classical "over-HTTP" way.
I would check to see what is happening on port 443 when the traffic is
"forwarded". HTTPS may actually be routed rather than relayed/proxied.
Or perhapse it is being sent to some other port number, though how to
find that may require asking your customer or Netskope directly for more
details on how it is setup there.
FWIW, Squid can receive HTTPS/443 traffic fine. Just use "https_port"
(note the 's') to receive it instead of the regular HTTP port, and will
need a SSL server certificate (can be self-signed) for your Squid which
the customer software trusts.
HTH
Amos
_______________________________________________
squid-users mailing list
[email protected]
https://lists.squid-cache.org/listinfo/squid-users
