4. Logging HTTPS Web Sites

Logging HTTPS Web Sites

  • R

    We need to log HTTPS websites, along with HTTP websites, that our clients browse to.  We do not desire to log traffic after the secured communications have been established, nor do we wish to set up a "man in the middle".

    We are using pfSense 2.1 with Squid 3 pkg 3.1.20 and Dansguardian pkg 2.12.0.3 .  We have also tried Squid 2.7.9 .

    We have tried both explicit and transparent HTTP proxy configurations.  HTTP traffic is being logged into the Squid log, however, HTTPS is not.

    Is there a way to record the HTTPS websites our clients browse to?

    0
  • Rebel Alliance Developer Netgate

    You can't just get "some" of the HTTPS in that way. The channel is encrypted before the site request is ever made, and you can't always guess the site by secondary characteristics like the server IP or DNS lookups. You have to see inside the encrypted communication, which is impossible without proxying their traffic explicitly or performing a man-in-the-middle attack on their SSL connection.

    In most cases, you have to have the clients set their browser's proxy settings to the firewall in order to see any HTTPS.

    I believe the squid3-dev and/or dansguardian packages can intercept HTTPS transparently but you still have to install a trusted root cert of your own creation on the clients.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy