Netgate Discussion Forum

    Snort + squid3 (transparent http/https) - inspect ssl traffic?

    pfSense Packages
      Nachtfalke

      Hi,

      I am using the snort 2.9.7.0 pkg v3.2.3 package. I am using this package in a home environment and I would be interested to know whether snort can inspect the https traffic. I have squid running in transparent mode for http and https and this is working. Or is snort only able to inspect the traffic which is not encrypted?

      Thank you for your feedback!

        marcelloc

        Not sure it will work, as squid does a lot of work to intercept it and communication on LAN and WAN stays encrypted.

        Elite Training: http://sys-squad.com

        Help a community developer! ;D

          bmeeks

          I agree with marcelloc.  Snort would still see only the encrypted traffic and thus not be able to inspect it.

          Bill

            Nachtfalke

            Hmm,

            I wanted to click "Thanks" for both posts but it just works for one.
            So thank you for your feedback. It would be a nice feature if it worked, but it is probably not that easy.

            Thank you!
