[squid-users] Gather POST request on HTTPS traffic?

Eliezer Croitor ngtech1ltd at gmail.com
Mon Nov 23 01:02:44 UTC 2020

Hey Roee,

From what I remember the best solution would be to use an eCAP module in the long term.
You can use the debug_options and it will work well.
The main issue with this is the DISK IO.
If you do have beefy hardware and SSD+RAM on the machine then the debug_options might be good enough for you.

But the most important thing is to test and verify if it works in your specific environment.

All The Bests,

Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd at gmail.com

-----Original Message-----
From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Amos Jeffries
Sent: Tuesday, November 17, 2020 2:09 AM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Gather POST request on HTTPS traffic?

On 17/11/20 12:14 pm, roee klinger wrote:
> Hello everyone,
> I work at a digital agency that has quite a few machines that are 
> managing some Instagram accounts, they are all running in the same LAN 
> and we are using Squid as a proxy to log and analyze some usage 
> statistics and to make sure the machines are only used for Instagram.
> We had an idea to use Squid to capture the POST data of users on the 
> proxy level, for example, likes, follows, comments, etc so we can log 
> and analyze everything in a convenient central way, so we can analyze it 
> and even send out clients a monthly report of all the actions their 
> accounts made (who they followed, what they liked, etc).
> I can easily see the requests that I want to capture inside the 
> "network" tab in Chrome but the problem is that Instagram uses HTTPS, so 
> I can't seem to be able to capture this data.
> Is there any way for me to log this data via Squid using the POST data 
> or any other way?

Access to HTTPS transactions for a domain you do not own requires the 
SSL-Bump feature to decrypt ("bump") the TLS layer.
  see <https://wiki.squid-cache.org/Features/SslPeekAndSplice>.

You could use cache.log with "debug_options ALL,1 11,2" configured to 
log the transactions. However, an ICAP service or eCAP module that does 
both the recording and the analysis for you is probably better.

> Note: We are aware of the legal issues, all machines connected to the 
> network are company property, and all the accounts are client accounts 
> that allow us to gather statistics. No personal account data will be 
> gathered.

Please be aware:
   That statement conflicts with the stated purpose(s) of your plan.

Personal data *will* be part of the messages you are decrypting and 
recording for analysis. Further, to perform targeted reports such as 
described you must also associate the data with accounts somehow.
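
A squid.conf sketch of the setup described in the reply above (SSL-Bump plus the suggested debug_options), added here as an example and not taken from anyone in the thread. It assumes Squid 4 or later; the port, file paths, CA file name and the domain in the ACL are assumptions to adapt. Bumping is limited to the one site of interest and everything else is spliced (passed through undecrypted).

```conf
# Added example, not from the thread. Port, paths and CA file are assumptions.

# Proxy port with SSL-Bump enabled. bump-ca.pem is assumed to be a PEM file
# holding a locally generated CA certificate and its private key; the
# company-owned client machines must trust that CA.
http_port 3128 ssl-bump tls-cert=/etc/squid/bump-ca.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

# Helper that mints per-host certificates signed by the CA above.
# The helper path differs between distributions, and the database directory
# has to be initialised once with the helper's -c option before first use.
sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/squid/ssl_db -M 4MB

# Site whose TLS layer is decrypted. The domain list is an assumption; the
# hosts the application really talks to must be confirmed from access.log.
acl bump_sites ssl::server_name .instagram.com

# Peek at the TLS ClientHello first so the server name is known, then bump
# only the listed site and splice every other connection.
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump bump_sites
ssl_bump splice all

# Logging suggested in the reply: everything at level 1, section 11 (HTTP)
# at level 2. This is written to cache.log, which grows quickly (the disk
# I/O concern raised in this thread) and will contain decrypted request
# data, so keep read access to that file restricted.
debug_options ALL,1 11,2
```

Running "squid -k parse" after editing checks the file for syntax errors before the configuration is reloaded.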
