Squid SSL interception access log



  • I have recently installed squid server and setup transparent SSL proxy. Installed CA into local machines and no problem to access most of the websites. I understand some of the websites/applications are SSL pinned which needs to be bypassed for decoding. However, there is an issue to view it in the access log.

    For example, IOS app store requires to bypass *.mzstatic.com and *.apple.com.

    In Sophos XG, I can see the log for URL (SNI domain?) instead of IP, even for those SSL pinned URL, and then I can quickly to choose which URL needs to be added into bypass list.

    In squid access log, I can only see IP instead of URL.
    09.01.2020 00:34:13 192.168.21.20 TAG_NONE/200 184.87.97.50:443 - -
    09.01.2020 00:34:13 192.168.21.20 TAG_NONE/200 184.87.97.50:443 - -

    Can someone let me know how to make squid to show URL for those SSL pinned URL?


Log in to reply