Search squid archive

Re: Re: https traffic using squid and icap

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 21/06/2013 1:07 p.m., sjaipuri wrote:
Thanks Amos for your response.

Just like to clarify, do you mean squid only sends request/response header
to ICAP?

(If I understood right then) some of the service on ICAP are used for virus
detection in which they access the content of all packet. I might need to
read more on this.

No. Squid sends the whole messages. But only for messages which are parseable by Squid using plain-text HTTP parser. The SSL-bumping converts HTTPS CONNECT tunnels into a series of plain HTTP requests for https:// URLs before that parsing process so ICAP can be sent them.

Are you perhapse confusing binary payload objects for encrypted HTTPS traffic?

At the *very* least you will be seeing the plain-text ICAP protocol headers in your tcpdump if you are grabbing the ICAP traffic like you say you are.


Do you know anyone using which I can have access of https traffic in plain
text format on squid or ICAP ?

Everyone using SSL-bump feature successfully, and there are quite a few now.

Amos




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux