[squid-users] peek and splice content inspection question
yvoinov at gmail.com
Thu Aug 13 20:54:21 UTC 2015
14.08.15 2:02, Marko Cupać wrote:
> On Fri, 14 Aug 2015 03:38:47 +1200
> Amos Jeffries <squid3 at treenet.co.nz> wrote:
>> On 14/08/2015 12:47 a.m., Marko Cupać wrote:
>>> A few years ago I had a working setup of squid + dansguardian which
>>> was giving me ability to inspect traffic and filter it according to
>>> various criteria, mainly extensions, mime types and presence of
>>> malicious code (clamav).
>>> Lately most of the web has moved to https, and dansguardian hasn't been
>>> maintained for almost three years, which made my setup obsolete.
>>> Is it possible - by means of squid's peek and splice feature - to
>>> inspect file extensions and mime types of https traffic? Can bumped
>>> https traffic be forwarded to icap (squidclamav) for AV scanning?
>> Doing so is the feature's intended purpose.
>>> Finally, would an overly curious and unethical admin be able to easily
>>> dump bumped data and find sensitive information there?
>> When correctly used TLS cannot be decrypted.
>> But, most use of HTTPS today is not using TLS correctly.
>> If it could be bumped at all then it could be dumped as easily as
>> inspected by an AV.
>> Like a sharp knife can be as easily used for cutting vegetables as
>> throats. One's intent has nothing to do with the tool's capability or
> I completely agree with you, I shouldn't have mixed intent with
> capability which is great and which I intend to put to good use.
> So, if I understand well, if I just send traffic to squidclamav on icap
> tcp port, then I don't store usernames and passwords or private emails
> in cache?
I would not worry about it. Without physical access to the cache, such data
cannot be pulled out, given proper administration. Unless, of course, you
put the proxy in a phone booth on the street. If it starts to bother me -
I either start using an encrypted file system, or build a completely black
box - completely disable logging of user access.
> This is important to me in order to explain the complete mechanism to
> management and to create understandable policy for end users.