[squid-users] Fwd: Modifying squid

[Ģirts Dālbergs]

Good day to You on the other side!
Not sure where to ask this, so I`m just going to do it here. If this is
the wrong place, please redirect me to the appropriate one.
I`m a squid user and an administrator in a company and I`ve been
requested to produce a HTTPS traffic inspection tool. I`ve decided to
use your software, but I would need to be able to act more freely with
the traffic at its unencrypted state. More specifically I would like to
pass the traffic through Suricata software first. I understand that
there is an "outline" option to suricata that I even would know how to
configure to work, but I need it to be inline with squid to be able to
drop traffic if needed. Suricata only works with unencrypted traffic and
even if I feed it the encryption key, so I need to be able to run squid
-> decrypt the traffic and apply some rules -> pass it to suricata for
serious inspection -> pass it back to squid (if not dropped) -> encrypt
it as normal and forward it. I`ve been turning the internet upside down
for an open source solution for this issue, that provides whitelisting,
automatic certificate generation and ability to work with an IPS inline.
None do so, but squid is the best option since it does everything asked
besides the IPS. So I would like to know if you could give me some
answers to questions:
Are you planning to develop such an option in the future?
Is there a way to do this now?
And last but not least: If I would decide to modify the code or write a
plugin myself, could you suggest where to do it or what parts of the
code should I look at.
Thank you very much and I will be looking forward to hearing from you.
Sincerily,
Network administrator Ģirts.