Re: [squid-users] Re: https traffic using squid and icap

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 21 Jun 2013 13:36:10 +1200

On 21/06/2013 1:07 p.m., sjaipuri wrote:
> Thanks Amos for your response.
>
> Just like to clarify, do you mean squid only sends request/response header
> to ICAP?
>
> (If I understood right then) some of the service on ICAP are used for virus
> detection in which they access the content of all packet. I might need to
> read more on this.

No. Squid sends the whole messages. But only for messages which are
parseable by Squid using plain-text HTTP parser. The SSL-bumping
converts HTTPS CONNECT tunnels into a series of plain HTTP requests for
https:// URLs before that parsing process so ICAP can be sent them.

Are you perhapse confusing binary payload objects for encrypted HTTPS
traffic?

At the *very* least you will be seeing the plain-text ICAP protocol
headers in your tcpdump if you are grabbing the ICAP traffic like you
say you are.

> Do you know anyone using which I can have access of https traffic in plain
> text format on squid or ICAP ?

Everyone using SSL-bump feature successfully, and there are quite a few now.

Amos
Received on Fri Jun 21 2013 - 01:36:25 MDT

This archive was generated by hypermail 2.2.0 : Fri Jun 21 2013 - 12:00:36 MDT