[squid-users] SSL Sites not redirecting and showing in logs in Transparent Mode using WCCP
Alex Rousskov
rousskov at measurement-factory.com
Mon Jan 22 18:44:05 UTC 2018
On 01/22/2018 11:01 AM, Gopi Joshi wrote:
> I have installed Squid 3.5 on REdHat and configured it in transparent
> mode using WCCP. On 4500 switch we are redirecting Port 80 and 443 , i
> am not able to see SSL websites in access.logs , it shows only IP
> address.also we are not able to webchain SSL websites based on URL ,
> ssl_bump none all
> is there a way for squid to see URL / Domain information for SSL Sites
> without decrypting ?
URLs -- no.
Domains -- yes, in most cases. Most SSL clients should send a TLS SNI
extension that contains some variation of the intended domain name. To
get access to SNI, you should tell your Squid to peek at the SSL client
handshake:
ssl_bump peek step1
ssl_bump splice all
If you also want to know the site certificate details, then you would
need to peek at the server handshake as well:
ssl_bump peek all
ssl_bump splice all
N.B. Please note that I do not know what "webchain websites" means.
HTH,
Alex.
More information about the squid-users
mailing list