On 21/06/2013 1:07 p.m., sjaipuri wrote:
> Thanks Amos for your response.
> Just like to clarify, do you mean squid only sends request/response header
> to ICAP?
> (If I understood right then) some of the services on ICAP are used for virus
> detection in which they access the content of all packets. I might need to
> read more on this.

No. Squid sends the whole messages. But only for messages which are
parseable by Squid using plain-text HTTP parser. The SSL-bumping
converts HTTPS CONNECT tunnels into a series of plain HTTP requests for
https:// URLs before that parsing process so ICAP can be sent them.

Are you perhaps confusing binary payload objects for encrypted HTTPS
traffic?

At the *very* least you will be seeing the plain-text ICAP protocol
headers in your tcpdump if you are grabbing the ICAP traffic like you
say you are.

> Do you know anyone using which I can have access of https traffic in plain
> text format on squid or ICAP?

Everyone using SSL-bump feature successfully, and there are quite a few now.
Amos
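
As an added illustration (not part of the original mailing-list message), here is a small parser for an ICAP message taken from a capture. It separates the plain-text ICAP headers from the encapsulated HTTP sections and reports whether the encapsulated request is for an https:// URL, as it would be after SSL-bump. The sample bytes are constructed, and the names `parse_icap` and `bumped_https_url` are this example's own.

```python
"""Split a captured ICAP message (RFC 3507) into ICAP headers and HTTP sections."""

def parse_icap(raw: bytes) -> dict:
    head, sep, payload = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no end of ICAP headers; capture is not plain ICAP")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, uri, version = lines[0].split(" ", 2)
    if not version.startswith("ICAP/"):
        raise ValueError("not an ICAP start line")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # "Encapsulated: req-hdr=0, req-body=137" gives ordered (name, offset) pairs
    # that say where each HTTP section starts inside the ICAP payload.
    parts = []
    for item in headers.get("encapsulated", "").split(","):
        name, _, off = item.strip().partition("=")
        if name:
            parts.append((name, int(off)))
    sections = {}
    for i, (name, off) in enumerate(parts):
        end = parts[i + 1][1] if i + 1 < len(parts) else len(payload)
        sections[name] = payload[off:end]
    return {"method": method, "uri": uri, "headers": headers, "sections": sections}

def bumped_https_url(msg: dict):
    """Return the request URL if the encapsulated request targets https://, else None."""
    req = msg["sections"].get("req-hdr", b"")
    fields = req.split(b"\r\n", 1)[0].decode("iso-8859-1").split(" ")
    if len(fields) == 3 and fields[1].lower().startswith("https://"):
        return fields[1]
    return None

# Constructed sample: a REQMOD carrying a decrypted request with no body.
_HTTP = b"GET https://example.com/account HTTP/1.1\r\nHost: example.com\r\n\r\n"
SAMPLE = (b"REQMOD icap://127.0.0.1:1344/reqmod ICAP/1.0\r\n"
          b"Host: 127.0.0.1:1344\r\n"
          b"Encapsulated: req-hdr=0, null-body=%d\r\n\r\n" % len(_HTTP)) + _HTTP

if __name__ == "__main__":
    msg = parse_icap(SAMPLE)
    print(msg["method"], msg["uri"], "->", bumped_https_url(msg))
```

If the ICAP headers parse but a `req-body` or `res-body` section looks like noise, that section is a binary object (an image, an archive), not encrypted HTTPS.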