0

Sorry if this has been answered but i just can't get it to work for me.

We would like to log all HTTPS & HTTP requests but not to use Squid-in-the-middle. We would like the proxy to connect the HTTPS directly as we don't care about the traffic only the domain that it might be going to.

We are using WCCP to do the initial redirect of 443 and Iptables Prerouting to forward onto squid.

I can't use a PAC or auto configuration file, and clients are blocked by our firewall from connecting to the Internet directly on 443. :-(

Is this even possible without MITM?

Any help with this is much appreciated, thanks in advance.

Bryan Ice
  • 1
  • 2
  • Squid should be the MITM if you want to log anything. –  Sep 06 '14 at 13:39
  • I can setup squid as MITM, is it possible to setup Squid just to forward log the traffic and forward it onto the Internet without decryption & encrypting it, as we don't want to installing certificates on everyone's machines. – Bryan Ice Sep 16 '14 at 17:16

1 Answers1

0

Yes there is a way to do https WCCP redirection without MITM. You have to force Squid not to ssl-bump incoming SSL traffic. 

ssl_bump none all

HOpe that helps. I have a complete article here that goes into WCCP redirection using a Cisco ASA including both http and https. Web SSL Proxy redirection using WCCP Ccisco ASA and Squid 3.4+

Jim
  • 988
  • 7
  • 20
  • 33