Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    SSL MITM Filtering - Splice All & SquidGuard Logs

    Cache/Proxy
    2
    3
    152
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jsm03913 last edited by

      Hello everyone! When I set the MITM filtering to Splice Whitelist, Bump Otherwise, the Squid logs tell me the full URL of the website that was visited by clients. When I change it to Splice All, the logs return as below for many websites. Is there anyway to make the Splice All setting return the full URL? Thanks!

      07.12.2020 16:35:55 <clientIP> NONE/200 https:443 - -

      V 1 Reply Last reply Reply Quote 0
      • V
        viberua @jsm03913 last edited by

        @jsm03913 as i understand in splice all mode Squid can't "look" inside https and and can't see full URL. I even discovered when you typing blocked url with https://blocked.site - SquidGuard not blocking it. So if you try to block youtube.com for example - it can be open if type https://youtube.com.
        I don't understand what for need this splice all mode, if result the same as disabled MITM.

        J 1 Reply Last reply Reply Quote 0
        • J
          jsm03913 @viberua last edited by

          @viberua

          Right. I did some reading on what Splice is capable of and it does seem Splice can see the domain name (not the full URL), but only after the tunnel is closed. It is then logged, rather than Bump which actually looks at the whole URL and replaces the certificate. But, this has its own set of problems for mobile devices.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy