Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Snort + squid3 (transparent http/https) - inspect ssl traffic?

    pfSense Packages
    3
    4
    1906
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      Nachtfalke last edited by

      Hi,

      I am using the snort 2.9.7.0 pkg v3.2.3 package. I am using this package in a home environment and I would be interested in if snort can inspect the https traffic. I have squid running in transparent mode for http and https and this is working. Or is snort only able to inspect the traffic which is not encrypted?

      Thank you for your feedback!

      1 Reply Last reply Reply Quote 0
      • marcelloc
        marcelloc last edited by

        Not sure it will work as squid does a lot of work to intercept it and communication on lan and wan keeps encrypted.

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        1 Reply Last reply Reply Quote 0
        • bmeeks
          bmeeks last edited by

          I agree with marcelloc.  Snort would still see only the encrypted traffic and thus not be able to inspect it.

          Bill

          1 Reply Last reply Reply Quote 0
          • N
            Nachtfalke last edited by

            Hmm,

            wanted to click "Thanks" for both posts but just works for one.
            So thank you for your feedback. Would be a nice feature if it works but it is probably not that easy.

            Thanky you!

            1 Reply Last reply Reply Quote 0
            • First post
              Last post