4. Squid SSL interception access log

Squid SSL interception access log

  • C

    I have recently installed squid server and setup transparent SSL proxy. Installed CA into local machines and no problem to access most of the websites. I understand some of the websites/applications are SSL pinned which needs to be bypassed for decoding. However, there is an issue to view it in the access log.

    For example, IOS app store requires to bypass *.mzstatic.com and *.apple.com.

    In Sophos XG, I can see the log for URL (SNI domain?) instead of IP, even for those SSL pinned URL, and then I can quickly to choose which URL needs to be added into bypass list.

    In squid access log, I can only see IP instead of URL.
    09.01.2020 00:34:13 192.168.21.20 TAG_NONE/200 184.87.97.50:443 - -
    09.01.2020 00:34:13 192.168.21.20 TAG_NONE/200 184.87.97.50:443 - -

    Can someone let me know how to make squid to show URL for those SSL pinned URL?

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy