[squid-users] logging https websites
squid3 at treenet.co.nz
Wed Dec 9 22:03:04 UTC 2015
On 10/12/2015 7:25 a.m., Leonardo Rodrigues wrote:
> On 09/12/15 13:11, George Hollingshead wrote:
>> Is there a simple way to log requests made to https sites? I just want
>> to see sites visited without having to set up tunneling and all this
>> complex stuff I'm reading about.
>> Hoping there's a simple way, and yes, I'm a newb but smart enough to
>> have your awesome program running; hehe
> If you really want a SIMPLE way, then the answer is NO, that's not
> With simply configuring the proxy on the users browsers, you'll be
> able to see the hostname, but not the full URL
> user accessing https://www.gmail.com/mail/something/INBOX
> will appear on the logs just as
> CONNECT www.gmail.com
> and that's how it works ... the path is only visible to the
> endpoints, the browser and the server, squid just carries the encrypted
> tunnel between them, without knowing what's happening inside.
> Is it possible to decrypt and see the full path on the logs, being
> able to filter on them and everything else? YES, that's ssl-bump, but
> that's FAR from being an easy setup ...
It is also worth noting that clients sending SNI can have their port 443
traffic intercepted, then logged without actually decrypting.
The setup for that looks like the normal ssl-bump setup. But just peeks
and splices everything.
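
A minimal squid.conf sketch of the peek-and-splice setup described in the reply above, added here as an example and not part of the original message. It assumes a Squid 3.5 build with OpenSSL support and a firewall rule (not shown) that redirects outbound port 443 traffic to port 3129; the port number, certificate path and the logformat name "sni" are placeholders.

```conf
# Added example, not from the original thread. Paths and port are placeholders.

# Listening port for intercepted port 443 traffic. An ssl-bump port needs a
# certificate configured even though nothing is decrypted in this setup.
https_port 3129 intercept ssl-bump cert=/etc/squid/PLACEHOLDER-ca.pem

# Step 1 is the point where only the TCP connection details are known.
acl step1 at_step SslBump1

# Peek at the TLS ClientHello to learn the SNI server name ...
ssl_bump peek step1
# ... then splice: relay the TLS connection untouched, with no decryption.
ssl_bump splice all

# Log the SNI name and the bump decision next to the usual fields.
# With interception the request URL is typically an IP:port, so the SNI
# column is what carries the site name.
logformat sni %ts.%03tu %>a %Ss/%03>Hs %rm %ru sni=%ssl::>sni mode=%ssl::bump_mode
access_log daemon:/var/log/squid/access.log sni
```

Clients that send no SNI show "-" in the sni column, and only the server name is recorded, never the URL path.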