Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Logging URLs

    Scheduled Pinned Locked Moved General pfSense Questions
    13 Posts 5 Posters 8.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C Offline
      Chrismallia
      last edited by

      Hi sorry I did not clear it for you in the first post.
      Yes you will have to go to the browser in every machine and point it to the proxy server (squid). As for the cert you will have to create a cert in pfsense then export it and install it in every machines browser.

      1 Reply Last reply Reply Quote 0
      • F Offline
        fonwenu
        last edited by

        Hmmm, I would probably have to find a different method, as this method would take a lot in my place of business. Do you have any other suggestion as far as pfsense is involved?

        1 Reply Last reply Reply Quote 0
        • C Offline
          Chrismallia
          last edited by

          Using pfsense there isn't any better way

          1 Reply Last reply Reply Quote 0
          • johnpozJ Offline
            johnpoz LAYER 8 Global Moderator
            last edited by

            While you could push the proxy to your clients via group policy if your an AD shop.. Or with simple autodiscovery WPAD for example.

            If your wanting to do mitm for https sites all your clients would have to trust the CA creating the https certs.  Snooping on https is opening up a whole can of worms that for sure your business management would really need to sign off on.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • F Offline
              fonwenu
              last edited by

              Thanks for your response. Really not trying to attempt a MITM attack. All we want to do is log what websites users are going to.

              1 Reply Last reply Reply Quote 0
              • johnpozJ Offline
                johnpoz LAYER 8 Global Moderator
                last edited by

                So been a while since I played with squid, but normally if all your doing is passing the https through squid via a connect you should be able to get the log of the base url, but you would not get the full url..

                So you might see forum.pfsense.org 443 in the log but not say https://forum.pfsense.org/index.php?topic=127335.0

                I would have to fire up squid and test if you need help in doing this.  If you wanted the full url showing index.php?topic=127335.0 you would need to do the mitm thing.  This is when your client would have to trust the ca proxy is using to generate the the fake cert to use..

                look here for your options of https through squid
                http://wiki.squid-cache.org/Features/HTTPS

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                1 Reply Last reply Reply Quote 0
                • F Offline
                  fonwenu
                  last edited by

                  Doesn't have to be the full url. I can take what I can get from this point.

                  1 Reply Last reply Reply Quote 0
                  • U Offline
                    User412287
                    last edited by

                    @fonwenu:

                    Thanks for your response. Really not trying to attempt a MITM attack. All we want to do is log what websites users are going to.

                    You won't be able to see what https websites users are going to without something like a MITM.  The requests are encrypted.

                    1 Reply Last reply Reply Quote 0
                    • DerelictD Offline
                      Derelict LAYER 8 Netgate
                      last edited by

                      Squid peek/splice can log the HTTPS domain visited, but not the complete URL.

                      This can be done in transparent mode without installing and trusting CAs on every client or dealing with WPAD, etc.

                      Chattanooga, Tennessee, USA
                      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      1 Reply Last reply Reply Quote 0
                      • F Offline
                        fonwenu
                        last edited by

                        Thanks this help a lot

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.