Ny way to log HTTPS requests (URLs) in a proxy server (Squid no transparent proxy)

httpssquid

We do not want to know what is inside the package. Only monitor the destination URLs. Is it possible?

In other words: I want the Squid log accesses without being transparent proxy.

Best Answer

SSL/TLS was designed for end-to-end security.

By default, most user agents will warn end-users about a possible man-in-the-middle attack (c) Squid wiki

Without SSl Bump/Dynamic certificate generation you will only see CONNECT and base domain part of url

Just like this

1352350302.532 1002 127.0.0.1 TCP_MISS 200 30185 CONNECT www.google.ge:443 - HIER_DIRECT 173.194.35.159 - 443 "Opera/9.80 (X11; Linux x86_64; U; en) Presto/2.10.289 Version/12.02

Instead of whole url like https://www.google.ge/#bav=on.2,or.&fp=61092a4c975e159e&num=100&q=asdasd&safe=off

Why is it so? Because HTTP header might contain some sensitive data, including session id (some ugly cases) and you might get access to the webpage/my session without my authorization, and because it's privacy - I don't want you to know that I am visiting some hidden porn sites :D

So, you (Squid) MUST know what is inside of package. In some countries this might be illegal.

Best Answer

Related Solutions

Squid – HTTPS Not Working in Transparent Proxy

Ubuntu – squid transparent proxy on all ports

Related Topic