[squid-users] HTTPS Requests in a Transparent Proxy without SSL Bump

Alex Rousskov rousskov at measurement-factory.com
Mon Oct 20 16:41:03 UTC 2025


On 2025-10-20 05:29, Gonzalo Vázquez Enjamio wrote:

> My question is if it would be possible to log HTTPS traffic, in a Squid 
> in transparent mode, without intercepting the traffic?
> 
> I know it's possible with a proxy in explicit mode, but in transparent mode?

Your earlier question had "without using an SSL Bump" condition. I 
assume your revised question uses that condition as well.

I believe I have answered your earlier question, but since you are 
asking a similar question again, I assume that my earlier response was 
problematic. I do not know what that problem was, and you have not told 
me why that earlier answer was not satisfactory, but perhaps there is a 
conflict in terminology:

* How do you define "transparent mode"?

* How do you define "intercepting the traffic"?

* Do you want to log individual HTTP(S) transaction details (e.g., 
request URLs) or just TCP-level connection details (e.g., IP addresses 
and ports)?

Alex.


> On Fri, 17 Oct 2025 at 15:24, Alex Rousskov wrote:
> 
>     On 2025-10-17 05:57, Gonzalo Vázquez Enjamio wrote:
> 
>      > Is it possible to handle HTTPS requests and log them in a transparent
>      > proxy with Squid without using an SSL Bump?
> 
>     If you are asking about intercepted TLS connections (i.e. https_port),
>     then all Squid can do with them (without SslBump) is to log TCP-level
>     details of each connection. No individual HTTP requests are visible to
>     Squid in this setup.
> 
>     If you are asking about plain text HTTP requests for "https://..."
>     targets/URLs arriving on an intercepted plain TCP connection (i.e.
>     http_port), then Squid should be able to handle (e.g., deny, forward,
>     cache, and log) those requests individually.
> 
>     If you do not know which case applies to you, it is most likely the
>     first case because plain "GET https://..." requests are rare and are
>     usually seen in non-intercepting setups.
> 
> 
>     HTH,
> 
>     Alex.
> 


