Snort + squid3 (transparent http/https) - inspect ssl traffic?
I am using the snort 18.104.22.168 pkg v3.2.3 package. I am using this package in a home environment and I would be interested in if snort can inspect the https traffic. I have squid running in transparent mode for http and https and this is working. Or is snort only able to inspect the traffic which is not encrypted?
Thank you for your feedback!
marcelloc last edited by
Not sure it will work as squid does a lot of work to intercept it and communication on lan and wan keeps encrypted.
bmeeks last edited by
I agree with marcelloc. Snort would still see only the encrypted traffic and thus not be able to inspect it.
wanted to click "Thanks" for both posts but just works for one.
So thank you for your feedback. Would be a nice feature if it works but it is probably not that easy.