Re: [squid-users] SSL Traffic Monitoring

From: Michael Gale <michael.gale@dont-contact.us>
Date: Wed, 4 Aug 2004 16:04:12 -0600

Hello,

        This is a tricky one:

1. Traffic is encrypted so any attempt to proxy the traffic could be considered a man in the middle attack.
        - apparently there was an SSL patch or in a future version of squid you will be able to filter / log HTTPS connections.

Right now I am using the following method:

##### CONNECT proto - allow goodsites
acl goodsslsites dstdom_regex "/tmp/ssl_sites"
http_access deny !goodsslsites goodhttps

I have another filter that only allows the CONNECT method on port 443.

In my ssl_sites file is a list of domains that company employees need access to. I have added in all banks and a few
requested sites (once they were verified to be work related).

This was done to block people from running SSL tunnels over port 443 to gain access to non-approved work applications.

Then on port 80 only allow HTTP traffic.

Michael.

On Wed, 4 Aug 2004 17:20:15 -0400
"McDonald, Rob" <RMcDonald@dieboldes.com> wrote:

>
> I am looking to start caching SSL traffic, so I can make the content conform
> to company HR policies.
>
> There are commercial products that do this. 
>
> I was wondering what the Squid crowd was doing for this issue?
>
> Thanks,
> Rob
>
>
>
>

-- 
Michael Gale
Network Administrator
Utilitran Corporation
Received on Wed Aug 04 2004 - 16:03:10 MDT
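
Added example, not part of the original message or of Squid: a small Python model of the policy described above (CONNECT only to port 443, and only to hosts matching a dstdom_regex list), useful for checking an ssl_sites file before deploying it. The patterns and CONNECT targets are constructed, and Python's re module stands in for the regex library Squid uses; the point it shows is that a dstdom_regex pattern without anchors also matches longer hostnames that merely contain an approved name.

```python
import re

# Constructed sample of an ssl_sites file (one dstdom_regex pattern per line).
SSL_SITES = r"""
# anchored: the domain itself and its subdomains only
(^|\.)examplebank\.test$
# unanchored: matches anywhere inside a hostname
partner\.test
"""

# Constructed CONNECT targets, in the host:port form a proxy sees.
TARGETS = [
    "www.examplebank.test:443",
    "www.examplebank.test:22",
    "examplebank.test.tunnel.invalid:443",
    "partner.test.tunnel.invalid:443",
]

def load_patterns(text):
    """Return the non-empty, non-comment lines of an ssl_sites-style file."""
    lines = (line.strip() for line in text.splitlines())
    return [line for line in lines if line and not line.startswith("#")]

def loosely_anchored(pattern):
    """True if the pattern can match in the middle of a longer hostname."""
    anchored_start = pattern.startswith(("^", "(^|\\.)"))
    return not (anchored_start and pattern.endswith("$"))

def connect_allowed(target, patterns):
    """Model the two rules: port 443 only, and host must match the list."""
    host, _, port = target.rpartition(":")
    if port != "443":
        return False
    # A regex ACL matches anywhere in the name; re.search mirrors that.
    return any(re.search(p, host) for p in patterns)

def audit(targets, patterns):
    """Map each CONNECT target to 'allow' or 'deny' under the modelled policy."""
    return {t: "allow" if connect_allowed(t, patterns) else "deny"
            for t in targets}

if __name__ == "__main__":
    patterns = load_patterns(SSL_SITES)
    for p in patterns:
        if loosely_anchored(p):
            print("review (unanchored):", p)
    for target, verdict in audit(TARGETS, patterns).items():
        print(verdict, target)
```
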

This archive was generated by hypermail pre-2.1.9 : Wed Sep 01 2004 - 12:00:01 MDT