[squid-users] Squid integration with Netskope forward to proxy

[Amos Jeffries]

On 12/01/2026 21:44, Matus UHLAR - fantomas wrote:
> On 11.01.26 16:58, Ben Goz wrote:
>> My customer netskope cloud configures forward to proxy to my squid proxy.
>> The forwarding works only if Netskope's ssl decryption disabled, If ssl
>> decryption enabled
>> I can't see in the access log the traffic forwards to squid from 
>> Netskope.
>>
>> I suspect that Netskope forwards encrypted data to squid but I'm not sure
>> that is the case because the Connect request is never encrypted and I 
>> don't
>> see it on the access log.
> 
> 
>> Anyones know how Netskope and squid can work together without disabling
>> Netskope decryption (MITM)?
> 
> This is completely issue of netskope proxy.
> 
> If netskope proxy decides to forward or not to forward request to squid, 
> squid can't do anything with it.


Nod. If there is no CONNECT tunnel request reaching Squid then it is not 
being forwarded in the classical "over-HTTP" way.

I would check to see what is happening on port 443 when the traffic is 
"forwarded". HTTPS may actually be routed rather than relayed/proxied.
Or perhapse it is being sent to some other port number, though how to 
find that may require asking your customer or Netskope directly for more 
details on how it is setup there.


FWIW, Squid can receive HTTPS/443 traffic fine. Just use "https_port" 
(note the 's') to receive it instead of the regular HTTP port, and will 
need a SSL server certificate (can be self-signed) for your Squid which 
the customer software trusts.


HTH
Amos