[squid-users] logging https websites

[Leonardo Rodrigues]

Em 09/12/15 13:11, George Hollingshead escreveu:
> is there a simple way to log request made to https sites.  I just want 
> to see sites visited without having to set up tunneling and all this 
> complex stuff i'm reading about.
>
> Hoping there's a simple way, and yes, i'm a newb but smart enough to 
> have your awesome program running; hehe
>
     If you really want a SIMPLE way, than the answer is NO, that's not 
possible

     With simply configuring the proxy on the users browsers, you'll be 
able to see the hostname, but not the full URL

user acessing https://www.gmail.com/mail/something/INBOX
will appear on the logs just as
CONNECT www.gmail.com

     and that's how it works ... the path is only visible to the 
endpoints, the browser and the server, squid just carries the encripted 
tunnel between them, without knowing what's happening inside.

     is it possible to decript and see the full path on the logs, being 
able to filter on them and everything else ?? YES, that's ssl-bump, but 
that's FAR from being an easy setup ...



-- 


	Atenciosamente / Sincerily,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br

	Minha armadilha de SPAM, NÃO mandem email
	gertrudes at solutti.com.br
	My SPAMTRAP, do not email it