Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid SSL interception access log

    Scheduled Pinned Locked Moved Cache/Proxy
    1 Posts 1 Posters 234 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      ce13
      last edited by ce13

      I have recently installed squid server and setup transparent SSL proxy. Installed CA into local machines and no problem to access most of the websites. I understand some of the websites/applications are SSL pinned which needs to be bypassed for decoding. However, there is an issue to view it in the access log.

      For example, IOS app store requires to bypass *.mzstatic.com and *.apple.com.

      In Sophos XG, I can see the log for URL (SNI domain?) instead of IP, even for those SSL pinned URL, and then I can quickly to choose which URL needs to be added into bypass list.

      In squid access log, I can only see IP instead of URL.
      09.01.2020 00:34:13 192.168.21.20 TAG_NONE/200 184.87.97.50:443 - -
      09.01.2020 00:34:13 192.168.21.20 TAG_NONE/200 184.87.97.50:443 - -

      Can someone let me know how to make squid to show URL for those SSL pinned URL?

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.