[squid-users] ssl_crtd breaks after short time

Klavs Klavsen kl at vsen.dk
Tue Jun 9 14:51:41 UTC 2015


Amos Jeffries wrote on 06/09/2015 03:06 PM:
>
> The HTTP message log (access.log) is only logging the HTTP(S) messages.
> The non-HTTP protools are not logged.
>
>>
>> 10.xx.131.244 - - [09/Jun/2015:08:40:15 +0200] "CONNECT
>> 64.233.184.94:443 HTTP/1.1" www.google.dk - 200 20042
>> TCP_TUNNEL:ORIGINAL_DST peek
>
> This got peeked then spliced (not decrypted). There is no decrypted
> message(s) to be logged or even to pass through http_access.
>
I'm obviously not understanding something.. I would like squid to "fake 
the certificate" - and then when the clients sends an actual request - 
run that through http_access.. so I can match on urls..

I'd rather not filter on only domain if possible..

Is that not possible currently with squid?

-- 
Regards,
Klavs Klavsen, GSEC - kl at vsen.dk - http://www.vsen.dk - Tlf. 61281200

"Those who do not understand Unix are condemned to reinvent it, poorly."
   --Henry Spencer



More information about the squid-users mailing list