[squid-users] Clarification on icap
Amos Jeffries
squid3 at treenet.co.nz
Mon Sep 26 12:50:06 UTC 2016
On 27/09/2016 12:41 a.m., James Lay wrote:
> Hey all,
>
> So I'm going to try and get some visibility into tls traffic. Not
> concerned with the sslbumping of the traffic, but what I DON'T know
> what to do is what to do with the traffic once it's decrypted. This
> squid machine runs IDS software as well, so my hope was to have the IDS
> software listen to traffic that'd decrypted, but for the life of me I'm
> not sure where to start. Does squid pipe out a stream? Or does the
> IDS listen to a different "interface"? Is this where ICAP comes in?
Keeping it secure is of high importance. So ensuring that any
connections it goes over are securely encrypted somehow is important.
The best way to ensure data security is not to transmit it. What data
does the IDS actually need? and can you 'log' only those details to a
private pipe/socket the IDS is reading?
Amos
More information about the squid-users
mailing list