Re: [squid-users] Re: https traffic using squid and icap

From: Alex Crow <alex_at_nanogherkin.com>
Date: Fri, 21 Jun 2013 07:24:18 +0100

Hi,

If you go here:

http://www.eicar.org/85-0-Download.html

And try one of the https links, and c-icap gives you a virus warning,
then the content is being passed to c-icap.

Cheers

Alex

On 21/06/13 02:49, sjaipuri wrote:
> Now it makes more sense to me.
>
> Yes, right now I am only seeing plain text ICAP headers for all https
> traffic. But I see the whole payload for http traffic on the ICAP port. You
> already mentioned that squid sends the http message if it is able to parse it.
>
> As you say, ssl-bump will convert CONNECT to a series of http requests. I
> tried tcpdump on ports 3128 (squid)/80/443/1344 (ICAP). But in all these cases
> I only see the unencrypted HTTP request for https traffic. However, I am not
> able to see the payload.
> Does ssl-bump decrypt the payload as well and make it available as plain
> text?
>
> --
> View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/https-traffic-using-squid-and-icap-tp4660720p4660733.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Fri Jun 21 2013 - 06:24:21 MDT
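
A complementary check to the EICAR test above, as an added example that is not part of the original thread: parsing the ICAP `Encapsulated` header (RFC 3507) from a capture on port 1344 shows whether the ICAP service received a body or only a bodiless CONNECT. The sample messages, the `/example` service path and the function names are constructed for illustration, and the bodiless CONNECT form for un-bumped HTTPS is an assumption about how the request reaches the service.

```python
# Added example, not from the thread. All sample messages are constructed.
BODY_PARTS = {"req-body", "res-body", "opt-body"}  # RFC 3507 section 4.4.1

def build_sample(icap_method, sections):
    """Assemble a constructed ICAP message from [(part_name, bytes), ...]."""
    offsets, payload = [], b""
    for name, data in sections:
        offsets.append(f"{name}={len(payload)}")
        payload += data
    head = (f"{icap_method} icap://127.0.0.1:1344/example ICAP/1.0\r\n"
            f"Host: 127.0.0.1\r\nEncapsulated: {', '.join(offsets)}\r\n\r\n")
    return head.encode("ascii") + payload

def classify(message):
    """Report what a single ICAP request exposes to the ICAP service."""
    head, _, payload = message.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    offsets = {}
    for item in headers["encapsulated"].split(","):
        name, _, offset = item.strip().partition("=")
        offsets[name.lower()] = int(offset)
    http_method = None
    if "req-hdr" in offsets:
        start = offsets["req-hdr"]
        http_method = payload[start:].split(b" ", 1)[0].decode("latin-1")
    has_body = any(name in BODY_PARTS for name in offsets)
    return {
        "icap_method": lines[0].split()[0],
        "http_method": http_method,
        "has_body": has_body,
        # A bodiless CONNECT means the service saw only the tunnel request.
        "tunnel_only": http_method == "CONNECT" and not has_body,
    }

# Constructed: un-bumped HTTPS (assumed form), only the CONNECT headers.
TUNNEL = build_sample("REQMOD", [
    ("req-hdr", b"CONNECT www.example.com:443 HTTP/1.1\r\n"
                b"Host: www.example.com:443\r\n\r\n"),
    ("null-body", b"")])
# Constructed: a bumped HTTPS response, headers plus a chunked body.
BUMPED = build_sample("RESPMOD", [
    ("req-hdr", b"GET https://www.example.com/test.txt HTTP/1.1\r\n"
                b"Host: www.example.com\r\n\r\n"),
    ("res-hdr", b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n"),
    ("res-body", b"5\r\nhello\r\n0\r\n\r\n")])
```

If every HTTPS transaction in the capture classifies as `tunnel_only`, the ICAP service is not receiving decrypted content for that traffic.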

This archive was generated by hypermail 2.2.0 : Fri Jun 21 2013 - 12:00:36 MDT