SSL Sites not redirecting and showing in logs in Transparent Mode using WCCP


Gopi Joshi
Hello 

I have installed Squid 3.5 on Red Hat and configured it in transparent mode using WCCP. On the 4500 switch we are redirecting ports 80 and 443. I am not able to see SSL websites in access.logs; it shows only the IP address. Also, we are not able to webchain SSL websites based on URL. Below is the configuration; the rest are defaults.

http_port 3128 transparent
https_port 3127 intercept ssl-bump cert=/opt/squid_certs/proxyCA.pem

### No decryption ##
ssl_bump none all
sslcrtd_program  /usr/lib64/squid/ssl_crtd -s /opt/squid_ssldb/ssl_db -M 40MB
sslcrtd_children 5

WCCP Configuration 
==================

# WCCPv2 parameters
wccp2_router 10.1.1.1
wccp2_forwarding_method l2
wccp2_return_method l2
wccp2_assignment_method mask
wccp2_rebuild_wait off
wccp2_service standard 0
wccp2_service dynamic 70
wccp2_service_info 70 protocol=tcp flags=dst_ip_hash,src_ip_alt_hash,src_port_alt_hash priority=231 ports=443
#wccp2_service_info 70 protocol=tcp priority=231 ports=443


Is there a way for Squid to see URL / domain information for SSL sites without decrypting?

Regards
GJoshi

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

Re: SSL Sites not redirecting and showing in logs in Transparent Mode using WCCP

Alex Rousskov
On 01/22/2018 11:01 AM, Gopi Joshi wrote:

> I have installed Squid 3.5 on Red Hat and configured it in transparent
> mode using WCCP. On the 4500 switch we are redirecting ports 80 and 443. I
> am not able to see SSL websites in access.logs; it shows only the IP
> address. Also, we are not able to webchain SSL websites based on URL.

> ssl_bump none all

> Is there a way for Squid to see URL / domain information for SSL sites
> without decrypting?

URLs -- no.

Domains -- yes, in most cases. Most SSL clients should send a TLS SNI
extension that contains some variation of the intended domain name. To
get access to SNI, you should tell your Squid to peek at the SSL client
handshake:

  ssl_bump peek step1
  ssl_bump splice all

If you also want to know the site certificate details, then you would
need to peek at the server handshake as well:

  ssl_bump peek all
  ssl_bump splice all


N.B. Please note that I do not know what "webchain websites" means.


HTH,

Alex.