Hi All,
there is log show in log screen but it show only HTTP requests, can I see HTTPS requests in log screen?
Thanks normis for your response.Not sure what you mean about HTTP logs. Did you configure transparent proxy for HTTP and enabled logging? Then yes, it will show.
HTTPS can't be proxied, so you can't achieve the same result. HTTPS is encrypted.
Thank you very much NormisThis is not possible
I have to disagree here. As an example, Squid logs the hostname that it proxied the connection to along with the number of bytes transferred.This is not possible
Hi troffasky,I have to disagree here. As an example, Squid logs the hostname that it proxied the connection to along with the number of bytes transferred.This is not possible
For http yes. How is the squid transparently proxying https without the end user getting problems?I have to disagree here. As an example, Squid logs the hostname that it proxied the connection to along with the number of bytes transferred.This is not possible
Do you want to break the SSL connection? The only thing you'll get with HTTPS [edit: if you're explicitly proxying it] is the hostname that the connection was proxied to and the number of bytes transferred.Hi troffasky,I have to disagree here. As an example, Squid logs the hostname that it proxied the connection to along with the number of bytes transferred.This is not possible
Could you please give me notes about squid logs to Monitoring of web searches and video viewing by employees especially "https".
1510849421.345 2610 192.168.1.3 TCP_TUNNEL/200 9926 CONNECT i.mt.lv:443 - HIER_DIRECT/2a02:610:7501:1000::197 -
1510849423.908 6511 192.168.1.3 TCP_TUNNEL/200 9417 CONNECT wiki.mikrotik.com:443 - HIER_DIRECT/2a02:610:7501:1000::201 -
1510849423.931 7546 192.168.1.3 TCP_TUNNEL/200 114953 CONNECT wiki.mikrotik.com:443 - HIER_DIRECT/2a02:610:7501:1000::201 -
Having re-read the thread, I have misunderstood. I had assumed the OP was using an explicit proxy not a transparent one.How is the squid transparently proxying https without the end user getting problems?
You can monitor encrypted traffic but there are legal and technical obstacles. You need to a) work out if it's legal where you are b) get the monitored devices to trust a certificate that you can re-encrypt their traffic with.Ok, I understand now. is there is a expert way to trace the encrypted HTTPS requests?
because I want to record all breached roles.
I have to disagree here. You can get the same info for transparently proxied https, using squid.The only thing you'll get with HTTPS [edit: if you're explicitly proxying it] is the hostname that the connection was proxied to