RE: [squid-users] Squid 3.1.6 and transparent mode: HTTPS

From: Boniforti Flavio <flavio_at_piramide.ch>
Date: Tue, 12 Oct 2010 08:44:59 +0200

Woooops... I thought I already replied, but instead my mail was in the
drafts folder :-/ So here I go:

Hello Amos and thanks for your reply.

[cut]

> > 3) would I completely miss the traffic done in HTTPS in my webalizer
> > stats, if there'd be no way to have transparently proxied HTTPS
> > requests?
>
> This is only a problem due to the "transparent".
>
> If you can discard the "transparent" part of the setup the
> client browsers will send their HTTPS requests to Squid using
> CONNECT method, which gives webalizer all the client IP and
> destination domain details along with traffic sent/received
> there. All that's missing is the particular files being fetched.

OK, I've played around with this: I configured my own browser to use the
proxy and watched the access.log file. I saw those CONNECT connections,
and the fact that I'd miss the files being fetched, would be 100% ok for
me.

> Alternatives are to use firewall traffic accounting which can
> just as easily be gathered. Such as which client IP is using
> port 443 (HTTPS) to contact which external IPs and how much
> traffic they sent/received.

Of course, but then I would have the problem to "add" that info to my
webalizer logs. Would there be any way to "sum it up" to all the proxied
traffic?

> > Ah, BTW: as I *do not* intend to cache HTTPS traffic/requests, would it
> > be easier to set up this sort of "logging/filtering"?
>
> What is easier depends on your network setup.

I manage many different customer networks and there my primary goal is
to avoid users being able to bypass my proxy (which I use to filter
sites based on URLs).
By using transparent mode, I have full control over network traffic: I
can configure iptables and squid to do what I want them to. Actually, my
users have discovered how to change proxy settings (even if configured
by Windows Group Policies, because many are using alternative browsers
like Firefox, Opera, and so on). So my countermeasure would be to use
the transparent mode.
My second goal (less important, but I want complete and precise data) is
to have *all* the internet traffic showing up in webalizer reports: how
to achieve both things?

Kind regards and thanks for helping me out (and making me brainstorm a
bit) ;-)

Flavio Boniforti

PIRAMIDE INFORMATICA SAGL
Via Ballerini 21
6600 Locarno
Switzerland
Phone: +41 91 751 68 81
Fax: +41 91 751 69 14
URL: http://www.piramide.ch
E-mail: flavio_at_piramide.ch
Received on Tue Oct 12 2010 - 06:45:10 MDT
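
Added example (not part of the original message, and not Squid or webalizer code): a sketch of what the CONNECT entries discussed above yield for reporting, summing tunnels and logged bytes per client IP and destination host. It assumes Squid's default native access.log format; the sample lines, addresses and the function name connect_totals are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample lines in Squid's native access.log format:
# time elapsed client result/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1286865899.123    842 192.168.1.10 TCP_MISS/200 15320 CONNECT mail.example.com:443 - DIRECT/203.0.113.5 -
1286865900.456    120 192.168.1.10 TCP_MISS/200 4211 GET http://www.example.org/index.html - DIRECT/203.0.113.9 text/html
1286865901.789   3051 192.168.1.11 TCP_MISS/200 98211 CONNECT bank.example.net:443 - DIRECT/203.0.113.7 -
1286865902.001    530 192.168.1.10 TCP_MISS/200 2210 CONNECT mail.example.com:443 - DIRECT/203.0.113.5 -
1286865903.250      0 192.168.1.12 TCP_DENIED/403 1450 CONNECT blocked.example.com:443 - NONE/- text/html
this line is truncated
"""


def connect_totals(lines):
    """Return (totals, denied) keyed by (client IP, destination host).

    totals counts allowed CONNECT tunnels and sums the logged bytes field
    (data delivered to the client); denied counts refused CONNECT attempts.
    """
    totals = defaultdict(lambda: {"tunnels": 0, "bytes": 0})
    denied = defaultdict(int)
    for line in lines:
        fields = line.split()
        # Skip malformed lines and anything that is not an HTTPS tunnel request.
        if len(fields) < 7 or fields[5] != "CONNECT" or not fields[4].isdigit():
            continue
        client, result, size, target = fields[2], fields[3], int(fields[4]), fields[6]
        # CONNECT logs "host:port" only; the files fetched inside TLS are not visible.
        host = target.rsplit(":", 1)[0]
        if result.startswith("TCP_DENIED"):
            denied[(client, host)] += 1  # blocked by ACL: report it, do not count as traffic
            continue
        totals[(client, host)]["tunnels"] += 1
        totals[(client, host)]["bytes"] += size
    return dict(totals), dict(denied)


if __name__ == "__main__":
    allowed, refused = connect_totals(SAMPLE_LOG.splitlines())
    for (client, host), t in sorted(allowed.items()):
        print(f"{client} -> {host}: {t['tunnels']} tunnel(s), {t['bytes']} bytes")
    for (client, host), n in sorted(refused.items()):
        print(f"{client} -> {host}: {n} denied CONNECT attempt(s)")
```
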
