squid sslbump

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

squid sslbump

yanier

Hi all:

 

I have a question and I would like to clarify this.
I have the following internet connection scheme

Proxy (administrator by me) - Router / FW - Proxy Parent - -Router - Internet

I would like to know if I could implement sslbump or similar to be able to filter traffic https (I think squid uses sslbump and slice) with this scheme without having to make changes in the parent proxy (I do not have access to do anything in the parent proxy).

If possible what configuration do you recommend?

If not, what other option do I have to filter https traffic in squid?


Greetings Yanier


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: squid sslbump

Alex Rousskov
On 05/12/2017 01:58 PM, yanier wrote:
> I have the following internet connection scheme

> Proxy (administrator by me) - Proxy Parent - Internet

> I would like to know if I could filter https without having to make
> changes in the parent proxy

A general-purpose parent proxy has no affect on bumping SSL traffic by
the child proxy -- you may ignore such parent proxy existence as far as
modern SslBump is concerned.

It is possible to write a specialized proxy that would detect and resist
some forms of SSL bumping by child proxies, but I speculate that you are
unlikely to deal with such a situation.

Alex.

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users