[squid-users] HTTPS Requests in a Transparent Proxy without SSL Bump
Matus UHLAR - fantomas
uhlar at fantomas.sk
Sat Oct 25 16:44:57 UTC 2025
>>>>On 2025-10-20 05:29, Gonzalo Vázquez Enjamio wrote:
>>>>>My question is if it would be possible to log HTTPS traffic,
>>>>>in a Squid in transparent mode, without intercepting the
>>>>>traffic?
>>>>>I know it's possible with a proxy in explicit mode, but in
>>>>>transparent mode?
>>>>On Oct 20, 2025, at 09:41, Alex Rousskov
>>>><rousskov at measurement-factory.com> wrote:
>>>>Your earlier question had "without using an SSL Bump" condition.
>>>>I assume your revised question uses that condition as well.
>>>>
>>>>I believe I have answered your earlier question, but since you
>>>>are asking a similar question again, I assume that my earlier
>>>>response was problematic. I do not know what that problem was,
>>>>and you have not told me why that earlier answer was not
>>>>satisfactory, but perhaps there is a conflict in terminology:
>>>>
>>>>* How do you define "transparent mode"?
>>>>
>>>>* How do you define "intercepting the traffic"?
>>>>
>>>>* Do you want to log individual HTTP(S) transaction details
>>>>(e.g., request URLs) or just TCP-level connection details (e.g.,
>>>>IP addresses and ports)?
>On 2025-10-20 14:44, Matus UHLAR - fantomas wrote:
>>I believe that with a bit of tweaking, even a spliced SSL connection
>>could be logged as "CONNECT %ssl::>sni"
>>
>>thus revealing at least requested server name of destination server
>>(if available)
On 20.10.25 15:23, Alex Rousskov wrote:
>Yes, in cases where TLS SNI information is not encrypted _and_ Squid
>is doing SslBump actions to extract that information.
>
>Gonzalo Vázquez Enjamio's original question excluded SslBump, but we
>still do not know exactly what needs to be logged and in what setup.
>We can add "client-origin TLS handshake info" to the list of things
>that can be logged (in some cases, with some SslBump features
>enabled).
I understood the OP's question as "without bumping SSL connections";
perhaps Gonzalo would like to specify (sending Cc:).
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The early bird may get the worm, but the second mouse gets the cheese.
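
The peek-then-splice setup discussed in this thread, as an added squid.conf sketch that is not part of any poster's message: Squid uses an SslBump action only to read the TLS ClientHello, then relays the connection without decrypting it, and logs the SNI. The port number, certificate path, log path and the format name `tls_sni` are assumptions.

```conf
# Added example, not from the thread. Port, certificate path and log path
# are placeholders to adapt to the local setup.

# Port that receives TCP/443 traffic redirected by the firewall.
# An ssl-bump port is configured with a certificate even when every
# connection ends up spliced.
https_port 3129 intercept ssl-bump tls-cert=/etc/squid/placeholder-ca.pem

# SslBump step 1: read the TLS ClientHello, which carries the SNI.
acl step1 at_step SslBump1
ssl_bump peek step1

# After the peek, splice everything: bytes are relayed as-is, no decryption.
ssl_bump splice all

# One line per connection: time, client IP, result code, method (CONNECT),
# client-sent SNI, and the final SslBump action taken.
logformat tls_sni %ts.%03tu %>a %Ss/%03>Hs %rm %ssl::>sni %ssl::bump_mode
access_log daemon:/var/log/squid/tls_sni.log tls_sni
```

The SNI field has no value when the client sends no server name or the name is encrypted, and this setup still relies on SslBump actions, which is the distinction raised in the replies above.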