[squid-users] Squid proxy server to log HTTPS traffic

Helen Rai helen.rai at nepallink.net
Thu Aug 2 07:05:48 UTC 2018


The MikroTik router I am using has 24 ports.
There are 4 departments, and each department is given 4 ports of the Mikrotik.
That is,
Department A has 4 computers and each of them is connected by ethernet
cable to ports 4, 5, 6 and 7 of the Mikrotik router.
Departments B, C, and D have the same number of computers as Department A
and they are connected to ports 8,9,10,11 and 12,13,14,15 and 16,17,18,19 of
the Mikrotik respectively by ethernet cable.
Each department is in a different network (different private IP range).
Each department is later combined into each bridge interface.
Port 20 of the Mikrotik is connected to a Unifi-AP, which is broadcasting WiFi
signals. Mobile devices and laptops which are not connected via ethernet
cable use WiFi signals.
One of the ports from Department A is connected to a Raspberry Pi where squid
is configured.
Now what I want to do is log all the web traffic that is requested from
those devices which are using WiFi.
I have attached the configuration of squid and Mikrotik which I had done
for HTTP. (Please note that when I had done this for HTTP, squid wasn't
configured with --enable-SSL or --enable-crtd)

I had referred to some online sites to do this for HTTPS, but none of them worked.
Please help if anyone knows how to log all HTTPS requests.

I have attached a document regarding the rules applied in Mikrotik and the squid3
configuration for HTTP.

Helen Rai
Platform operations, Nepallink
44260822 || 9841262275 || support at nepallink.net <abuse at nepallink.net>
http://www.nepallink.net || Link Road, Khusibu

On Mon, Jul 30, 2018 at 7:34 PM, Amos Jeffries <squid3 at treenet.co.nz> wrote:

> On 30/07/18 22:58, Helen Rai wrote:
> > Hi,
> >
> > I am using a Mikrotik Routerboard Model CRS125-24G-1S-2HnD which links
> > the internal network with the WAN. One of the ports is connected with a WiFi
> > router which is broadcasting a WiFi signal. Some of the devices work on the
> > WiFi network. I have installed squid3 (Version 3.5.27) on a Raspberry Pi
> > which is also connected with the Mikrotik. Squid is installed with
> > --enable-SSL.
> >
> The --enable-ssl option was removed in Squid-3.5.
> <http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.28-RELEASENOTES.html#ss4.3>.
> Use --with-openssl instead, and ensure the Debian libssl1.0-dev package
> is installed when building.
> To see any URLs inside the HTTPS you will need --enable-ssl-crtd.
>
> > Now, what I want to do is redirect or log all the HTTP and HTTPS
> > requests made from devices which are in the WiFi network to the squid proxy
> > server.
> >
> > I have tried doing it for months now, I am able to log all HTTP traffic
> > but am unable to do it for HTTPS.
> >
> > Please help me with this and if you need any detail from me, please
> > contact me.
> >
> If using the correct build option(s) does not resolve your problem we
> will need to know what the Mikrotik routing settings, Raspberry Pi
> routing and NAT settings, and squid.conf *_port lines are to provide any
> assistance.
> Amos
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Mikrotik_rules
Type: application/octet-stream
Size: 320 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180802/a460595c/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: squid_conf
Type: application/octet-stream
Size: 1104 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180802/a460595c/attachment-0001.obj>
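
Added example, not part of the original thread: a shell check of the build options named in the quoted reply, run over the text that `squid -v` prints. The helper name `check_squid_build` and the three sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). check_squid_build is a hypothetical helper.
# $1 is the full text printed by `squid -v`.
# Returns 0: --with-openssl and --enable-ssl-crtd are both present
#         1: --with-openssl is missing (the build has no TLS support)
#         2: --with-openssl is present but --enable-ssl-crtd is missing
check_squid_build() {
    # Strip quoting and fold case so that '--enable-SSL' is recognised too.
    opts=$(printf '%s\n' "$1" | tr -d "'\"" | tr '[:upper:]' '[:lower:]')
    has_openssl=0 has_crtd=0 has_old=0
    for o in $opts; do
        case "$o" in
            --without-openssl|--with-openssl=no) has_openssl=0 ;;
            --with-openssl|--with-openssl=*)     has_openssl=1 ;;
            --enable-ssl-crtd)                   has_crtd=1 ;;
            --enable-ssl)                        has_old=1 ;;
        esac
    done
    if [ "$has_old" -eq 1 ]; then
        printf '%s\n' "note: --enable-ssl was removed in Squid-3.5"
    fi
    if [ "$has_openssl" -eq 0 ]; then
        printf '%s\n' "missing: --with-openssl"
        return 1
    fi
    if [ "$has_crtd" -eq 0 ]; then
        printf '%s\n' "missing: --enable-ssl-crtd (needed to see URLs inside HTTPS)"
        return 2
    fi
    printf '%s\n' "ok: --with-openssl and --enable-ssl-crtd are both set"
    return 0
}

# Constructed samples of `squid -v` output, not taken from a real host.
SAMPLE_OLD="Squid Cache: Version 3.5.27
configure options:  '--prefix=/usr' '--enable-SSL'"
SAMPLE_NOCRTD="Squid Cache: Version 3.5.27
configure options:  '--prefix=/usr' '--with-openssl'"
SAMPLE_GOOD="Squid Cache: Version 3.5.27
configure options:  '--prefix=/usr' '--with-openssl' '--enable-ssl-crtd'"

for s in "$SAMPLE_OLD" "$SAMPLE_NOCRTD" "$SAMPLE_GOOD"; do
    check_squid_build "$s" || printf 'exit status: %s\n' "$?"
done
# On the proxy host itself: check_squid_build "$(squid -v)"
```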
