4. Logging HTTPS Web Sites

Logging HTTPS Web Sites

  • R

    We need to log HTTPS websites, along with HTTP websites, that our clients browse to.  We do not desire to log traffic after the secured communications have been established, nor do we wish to set up a "man in the middle".

    We are using pfSense 2.1 with Squid 3 pkg 3.1.20 and Dansguardian pkg 2.12.0.3 .  We have also tried Squid 2.7.9 .

    We have tried both explicit and transparent HTTP proxy configurations.  HTTP traffic is being logged into the Squid log, however, HTTPS is not.

    Is there a way to record the HTTPS websites our clients browse to?

    0
  • Rebel Alliance Developer Netgate

    You can't just get "some" of the HTTPS in that way. The channel is encrypted before the site request is ever made, and you can't always guess the site by secondary characteristics like the server IP or DNS lookups. You have to see inside the encrypted communication, which is impossible without proxying their traffic explicitly or performing a man-in-the-middle attack on their SSL connection.

    In most cases, you have to have the clients set their browser's proxy settings to the firewall in order to see any HTTPS.

    I believe the squid3-dev and/or dansguardian packages can intercept HTTPS transparently but you still have to install a trusted root cert of your own creation on the clients.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy