Netgate Discussion Forum

    Logging HTTPS Web Sites

    • rrkolb

      We need to log HTTPS websites, along with HTTP websites, that our clients browse to.  We do not desire to log traffic after the secured communications have been established, nor do we wish to set up a "man in the middle".

      We are using pfSense 2.1 with Squid 3 pkg 3.1.20 and Dansguardian pkg 2.12.0.3.  We have also tried Squid 2.7.9.

      We have tried both explicit and transparent HTTP proxy configurations.  HTTP traffic is being logged into the Squid log, however, HTTPS is not.

      Is there a way to record the HTTPS websites our clients browse to?

      • jimp Rebel Alliance Developer Netgate

        You can't just get "some" of the HTTPS in that way. The channel is encrypted before the site request is ever made, and you can't always guess the site by secondary characteristics like the server IP or DNS lookups. You have to see inside the encrypted communication, which is impossible without proxying their traffic explicitly or performing a man-in-the-middle attack on their SSL connection.

        In most cases, you have to have the clients set their browser's proxy settings to the firewall in order to see any HTTPS.

        I believe the squid3-dev and/or dansguardian packages can intercept HTTPS transparently but you still have to install a trusted root cert of your own creation on the clients.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
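For the explicit-proxy case mentioned in the reply above, an added example (not part of the thread and not Netgate or Squid project code): when browsers are configured to use the proxy, each HTTPS connection reaches Squid as a CONNECT request, which the native access.log format records with the destination host and port only, never the URL path or content. The sketch assumes that native log format; the log lines, addresses and function names are constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed sample in Squid's native access.log layout:
# time elapsed client action/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1386000000.101    212 192.168.1.50 TCP_MISS/200 10432 GET http://www.example.org/index.html - DIRECT/203.0.113.10 text/html
1386000004.550  30120 192.168.1.50 TCP_MISS/200 48211 CONNECT mail.example.com:443 - DIRECT/203.0.113.25 -
1386000009.002  15044 192.168.1.51 TCP_MISS/200 9120 CONNECT bank.example.net:443 - DIRECT/203.0.113.40 -
1386000012.730      0 192.168.1.51 TCP_DENIED/403 3650 CONNECT blocked.example.net:8443 - NONE/- text/html
truncated line
1386000020.318  60311 192.168.1.50 TCP_MISS/200 120344 CONNECT mail.example.com:443 - DIRECT/203.0.113.25 -
"""


def parse_connects(log_text):
    """Yield one record per CONNECT request; skip other methods and malformed lines."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10 or fields[5] != "CONNECT":
            continue
        # For CONNECT the URL field is just "host:port" (IPv6 hosts are bracketed).
        host, _, port = fields[6].rpartition(":")
        action, _, status = fields[3].partition("/")
        try:
            when = datetime.fromtimestamp(float(fields[0]), tz=timezone.utc)
            port = int(port)
        except ValueError:
            continue  # unparsable timestamp or missing port
        yield {"time": when, "client": fields[2], "host": host.strip("[]"),
               "port": port, "action": action, "status": status}


def https_sites_by_client(log_text):
    """Map client IP -> Counter of hosts for tunnels the proxy allowed (status 200)."""
    sites = {}
    for rec in parse_connects(log_text):
        if rec["status"] == "200":
            sites.setdefault(rec["client"], Counter())[rec["host"]] += 1
    return sites


if __name__ == "__main__":
    for client, hosts in sorted(https_sites_by_client(SAMPLE_LOG).items()):
        for host, count in hosts.most_common():
            print(f"{client}  {host}  tunnels={count}")
```
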