SSL MITM Filtering - Splice All & SquidGuard Logs
-
Hello everyone! When I set the MITM filtering to Splice Whitelist, Bump Otherwise, the Squid logs tell me the full URL of the website that was visited by clients. When I change it to Splice All, the logs return as below for many websites. Is there anyway to make the Splice All setting return the full URL? Thanks!
07.12.2020 16:35:55 <clientIP> NONE/200 https:443 - -
-
@jsm03913 as i understand in splice all mode Squid can't "look" inside https and and can't see full URL. I even discovered when you typing blocked url with https://blocked.site - SquidGuard not blocking it. So if you try to block youtube.com for example - it can be open if type https://youtube.com.
I don't understand what for need this splice all mode, if result the same as disabled MITM. -
Right. I did some reading on what Splice is capable of and it does seem Splice can see the domain name (not the full URL), but only after the tunnel is closed. It is then logged, rather than Bump which actually looks at the whole URL and replaces the certificate. But, this has its own set of problems for mobile devices.