Re: [squid-users] HTTPS sites

From: Joe Cooper <joe@dont-contact.us>
Date: Fri, 05 Oct 2001 13:00:31 -0500

Deb Heller-Evans wrote:

>
> Yes, this is true. I understand this, and for the life of me I can't
> figure out why I keep forgetting that the data *is* encrypted, and
> thus non-parsable... under normal conditions.
>
> However, in my current configuration, squid isn't logging that
> the request has been made. Or, for that matter, VirusWall is not
> logging it either (even though their TechSupport claims that it
> "logs a CONNECT [site]:443" when the user is browsing a secure
> site. It is NOT - even with verbose=yes).
>
> Am I missing a variable in squid.conf to make an INFO logging
> that the client has sent a request to a secure site (i.e.,
> requests to port 443)? If not, would it seem reasonable to others
> that this kind of request be logged as info only? If so, I would
> like to request an enhancement.

If you are performing interception (transparent) proxying, as I seem to
recall you are, your Squid isn't seeing those packets. Squid doesn't
handle tunnelling of SSL requests unless the browser is explicitly
configured to use the proxy--so you can't redirect 443 over to Squid,
and if it isn't redirected then Squid doesn't see them.

If VirusWall can be used in an interception configuration even with SSL
connections (it is possible I think, and Henrik has explained some time
ago on this list how it could be accomplished), then you may wish to
implement some form of port forwarding to redirect SSL requests on port
443 over to the VirusWall. It will then log those requests, I presume.
As it is, it never sees them either.

If you aren't using interception proxying, and your browsers are
explicitly configured, then just fill in the Squid address for all of
your clients' SSL connections in addition to HTTP. You'll get logging of
those requests just like any other.
                                   --
                      Joe Cooper <joe@swelltech.com>
                  Affordable Web Caching Proxy Appliances
                         http://www.swelltech.com
Received on Fri Oct 05 2001 - 11:55:56 MDT
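
Added example, not part of the original message or of Squid itself: once browsers are explicitly configured to use the proxy for SSL as described above, each tunnel shows up in access.log as a CONNECT to host:port. The sketch below summarises those entries, assuming Squid's default native access.log layout; the sample lines and all function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample lines in Squid's native access.log layout (an assumption):
# time elapsed client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1002304831.123   1523 192.168.1.10 TCP_MISS/200 3412 CONNECT secure.example.com:443 - DIRECT/203.0.113.5 -
1002304832.456     87 192.168.1.11 TCP_MISS/200 9120 GET http://www.example.org/index.html - DIRECT/203.0.113.9 text/html
1002304840.002    310 192.168.1.10 TCP_DENIED/403 1045 CONNECT mail.example.net:25 - NONE/- text/html
1002304851.777   2210 192.168.1.12 TCP_MISS/200 15873 CONNECT secure.example.com:443 - DIRECT/203.0.113.5 -
truncated line
"""

def parse_connects(lines):
    """Yield a dict for each CONNECT entry; skip short or malformed lines."""
    for line in lines:
        fields = line.split()
        if len(fields) < 10 or fields[5] != "CONNECT":
            continue
        action, _, status = fields[3].partition("/")
        # For CONNECT the URL field is host:port, with no scheme or path.
        host, _, port = fields[6].rpartition(":")
        if not host or not port.isdigit():
            continue
        yield {
            "client": fields[2],
            "action": action,
            "status": int(status) if status.isdigit() else None,
            "host": host,
            "port": int(port),
        }

def summarise(lines, port=443):
    """Count tunnels per (client, host) on `port`; collect CONNECTs to other ports."""
    tunnels, other = Counter(), []
    for entry in parse_connects(lines):
        if entry["port"] == port:
            tunnels[(entry["client"], entry["host"])] += 1
        else:
            other.append(entry)
    return tunnels, other

if __name__ == "__main__":
    tunnels, other = summarise(SAMPLE_LOG.splitlines())
    for (client, host), n in sorted(tunnels.items()):
        print(f"{client} -> {host}:443  x{n}")
    for e in other:
        print(f"non-443 CONNECT: {e['client']} -> {e['host']}:{e['port']} "
              f"({e['action']}/{e['status']})")
```

Only the destination host and port are visible for a tunnel; the request inside it is encrypted, so nothing beyond the CONNECT line is logged.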
