[squid-users] logging https websites

Amos Jeffries squid3 at treenet.co.nz
Wed Dec 9 22:03:04 UTC 2015


On 10/12/2015 7:25 a.m., Leonardo Rodrigues wrote:
> On 09/12/15 13:11, George Hollingshead wrote:
>> Is there a simple way to log requests made to https sites?  I just want
>> to see sites visited without having to set up tunneling and all this
>> complex stuff I'm reading about.
>>
>> Hoping there's a simple way, and yes, I'm a newb but smart enough to
>> have your awesome program running; hehe
>>
>     If you really want a SIMPLE way, then the answer is NO, that's not
> possible
> 
>     With simply configuring the proxy on the users' browsers, you'll be
> able to see the hostname, but not the full URL
> 
> user accessing https://www.gmail.com/mail/something/INBOX
> will appear on the logs just as
> CONNECT www.gmail.com
> 
>     and that's how it works ... the path is only visible to the
> endpoints, the browser and the server, squid just carries the encrypted
> tunnel between them, without knowing what's happening inside.
> 
>     Is it possible to decrypt and see the full path on the logs, being
> able to filter on them and everything else ?? YES, that's ssl-bump, but
> that's FAR from being an easy setup ...
> 

It is also worth noting that clients sending SNI can have their port 443
traffic intercepted, then logged without actually decrypting.
The setup for that looks like the normal ssl-bump setup. But just peeks
and splices everything.

Amos
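
Added example, not part of the original thread: a Python sketch that summarizes which HTTPS hostnames each client tunnelled to, using the `CONNECT host:port` entries described above. It assumes Squid's default native access.log format; the log lines, addresses and function names are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample lines in Squid's default native access.log format:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1449698584.123    345 192.168.1.10 TCP_TUNNEL/200 5120 CONNECT www.gmail.com:443 - HIER_DIRECT/203.0.113.5 -
1449698590.456     12 192.168.1.10 TCP_MISS/200 1024 GET http://example.com/index.html - HIER_DIRECT/203.0.113.9 text/html
1449698601.789    980 192.168.1.11 TCP_TUNNEL/200 20480 CONNECT www.gmail.com:443 - HIER_DIRECT/203.0.113.5 -
1449698610.001     40 192.168.1.11 TCP_DENIED/403 3900 CONNECT blocked.example:8443 - HIER_NONE/- text/html
1449698615.500    150 192.168.1.10 TCP_TUNNEL/200 900 CONNECT [2001:db8::1]:443 - HIER_DIRECT/2001:db8::1 -
truncated line
"""


def split_authority(target):
    """Split a CONNECT target 'host:port' (or '[v6]:port') into (host, port)."""
    host, sep, port = target.rpartition(":")
    if not sep or not port.isdigit():
        return target.strip("[]").lower(), None
    return host.strip("[]").lower(), int(port)


def https_hosts(lines):
    """Return {client_ip: Counter({host: tunnel_count})} for successful CONNECTs.

    Only the hostname is available: the URL path travels inside the
    encrypted tunnel and never reaches the log.
    """
    seen = defaultdict(Counter)
    for line in lines:
        fields = line.split()
        # Skip malformed lines and anything that is not a CONNECT request.
        if len(fields) < 7 or fields[5] != "CONNECT":
            continue
        client, result, target = fields[2], fields[3], fields[6]
        # Filter on the HTTP status after the slash so denied tunnels
        # are not counted as visits.
        if result.partition("/")[2] != "200":
            continue
        host, _port = split_authority(target)
        seen[client][host] += 1
    return seen


if __name__ == "__main__":
    for client, hosts in sorted(https_hosts(SAMPLE_LOG.splitlines()).items()):
        for host, count in hosts.most_common():
            print(f"{client}\t{host}\t{count}")
```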


