[squid-users] Clarification on icap
James Lay
jlay at slave-tothe-box.net
Mon Sep 26 11:41:12 UTC 2016
Hey all,
So I'm going to try and get some visibility into tls traffic. Not
concerned with the sslbumping of the traffic, but what I DON'T know
what to do is what to do with the traffic once it's decrypted. This
squid machine runs IDS software as well, so my hope was to have the IDS
software listen to traffic that'd decrypted, but for the life of me I'm
not sure where to start. Does squid pipe out a stream? Or does the
IDS listen to a different "interface"? Is this where ICAP comes in?
Thanks for any assistance...just starting out so thought this would be
the best place to start.
James
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160926/a8098a1c/attachment.html>
More information about the squid-users
mailing list