Meanwhile, Joe Cooper says:
|
| If you are performing interception (transparent) proxying, as I seem to
| recall you are, your Squid isn't seeing those packets. Squid doesn't
| handle tunnelling of SSL requests unless the browser is explicitly
| configured to use the proxy--so you can't redirect 443 over to Squid,
| and if it isn't redirected then Squid doesn't see them.
Wow, have you ever illuminated the holes in my knowledge. It all
begins to make more sense to me (See that LightBulb over my head?
See how it is getting brighter??).
| If VirusWall can be used in an interception configuration even with SSL
| connections (it is possible I think, and Henrik has explained some time
| ago on this list how it could be accomplished), then you may wish to
| implement some form of port forwarding to redirect SSL requests on port
| 443 over to the VirusWall. It will then log those requests, I presume.
| As it is, it never sees them either.
Hmmm... I didn't catch this discussion in the archives - I'll have to
do another search.
| If you aren't using interception proxying, and your browsers are
| explicitly configured, then just fill in the Squid address for all of
| your clients SSL connections in addition to HTTP. You'll get logging of
| those requests just like any other.
Actually, I'm testing both interception and explicit proxying
config's to see which would gain us the better control, logging,
and response times - not necessarily in that order!
Joe, Thanks for the tips. I appreciate your clarity. More work to do!
deb
Received on Fri Oct 05 2001 - 12:30:44 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:37 MST