[squid-users] (no subject)

login mogin loginmogin at gmail.com
Sat Jul 14 02:51:34 UTC 2018


Hi,

I don’t get why you need a squid box for that purpose. If you have the
private key you could end the traffic on like nginx and just forward it to
saas, while doing that you could log the traffic as you want.

Best
Logan

On Fri, Jul 13, 2018 at 5:34 PM Krystyna Niesiołowska <
krystyna.niesiolowska at interia.pl> wrote:

> Hi All,
>
> In my company, the HR uses an outsourced SaaS (on a unique public IP)
> configured with a commercial SSL certificate (i.e. I have both the private
> and the public key) accessed by our employees via a subdomain of our
> company domain (saas.company.com) <http://saas.mycompany.com_> .
> Unfortunately, we cannot control the data being transferred by the HR
> people and because of the GDPR the board wants to be able to get alerts if
> anyone tries to transfer personal data to the cloud + a general channel to
> check against any data exfiltration.
>
> My idea is to set to route all traffic going to sass.company.com via a
> box running Squid with SSL interception. I would like to install the same
> cert as the one used with the SaaS. This is to avoid the need of installing
> any additional certs on use's' machines. Unfortunately, I cannot find an
> option to set Squid with a single commercial cert instead of a CA (commonly
> used to intercept generate individual certs for all of the SSL traffic).
>
> Does anybody have any suggestions on the viable setup?
>
> Best wishes,
>
> Kristin
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180713/ac5aa148/attachment-0001.html>


More information about the squid-users mailing list