[squid-users] https full url

Jason Haar Jason_Haar at trimble.com
Sun Jan 17 19:55:06 UTC 2016


On 17/01/16 06:16, xxiao8 wrote:
> Basically I'm trying to see how to get the http-header info from a
> bumped ssl connection and use them directly inside
> squid.conf (including external acl), otherwise icap/ecap is unavoidable
> for bumped ssl http header analysis.

You must have done it wrong. First check: the squid access.log should
show the entire https url (e.g. "(GET|CONNECT)
https://google.com/search?q=squid+is+great" - not "CONNECT
google.com:443") - if it doesn't, then ICAP can't "see" the url either.

I've done it in the past and it definitely works within ICAP: e.g. you can
block https urls (instead of just domains) and can use ICAP to pass
https urls through AV/etc. However, cert pinning is a real problem -
especially in transparent/intercept mode. Very frustrating: the Internet
is rapidly moving to HTTPS and yet network-based security like content
filtering proxies find it hard to keep up as they have become the enemy
(because they can be used for evil as well as good). 

-- 
Cheers

Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
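
The access.log check described in the message above can be scripted per destination host. This is an added example, not part of the original post: it assumes Squid's default native access.log layout (method in field 6, URL in field 7), and the log lines and host names are constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format (not real traffic).
SAMPLE_LOG = """\
1453060500.101    180 192.0.2.10 TAG_NONE/200 0 CONNECT bumped.example:443 - HIER_DIRECT/203.0.113.5 -
1453060500.320    215 192.0.2.10 TCP_MISS/200 5120 GET https://bumped.example/search?q=squid - HIER_DIRECT/203.0.113.5 text/html
1453060507.456  30012 192.0.2.11 TCP_TUNNEL/200 8843 CONNECT pinned.example:443 - HIER_DIRECT/203.0.113.9 -
1453060509.002     90 192.0.2.11 TCP_MISS/200 1200 GET http://plain.example/index.html - HIER_DIRECT/203.0.113.7 text/html
"""


def classify(line):
    """Return (host, kind) for an HTTPS-related entry, else None.

    kind is 'full_url' when the logged URL starts with https:// (the request
    was decrypted) and 'connect_only' for a bare 'CONNECT host:443' entry.
    """
    fields = line.split()
    if len(fields) < 7:
        return None  # truncated or non-native line
    method, url = fields[5], fields[6]
    if url.lower().startswith("https://"):
        return urlsplit(url).hostname, "full_url"
    if method == "CONNECT":
        # Strip the trailing :port; works for host:443 and [v6]:443 alike.
        return url.rsplit(":", 1)[0].lower(), "connect_only"
    return None  # plain http traffic is not relevant to this check


def bump_visibility(log_text):
    """Map each HTTPS host to True if any full https:// URL was logged for it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        result = classify(line)
        if result:
            seen[result[0]].add(result[1])
    return {host: "full_url" in kinds for host, kinds in seen.items()}


if __name__ == "__main__":
    for host, visible in sorted(bump_visibility(SAMPLE_LOG).items()):
        status = "full URLs logged" if visible else "CONNECT only, URL not visible"
        print(f"{host:20} {status}")
```

Hosts reported as CONNECT only are the ones for which an ICAP service would not receive the URL either.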
