Snort + squid3 (transparent http/https) - inspect ssl traffic?



  • Hi,

    I am using the snort 2.9.7.0 pkg v3.2.3 package. I am using this package in a home environment and I would be interested in whether snort can inspect the https traffic. I have squid running in transparent mode for http and https and this is working. Or is snort only able to inspect the traffic which is not encrypted?

    Thank you for your feedback!



  • Not sure it will work, as squid does a lot of work to intercept it and communication on LAN and WAN stays encrypted.



  • I agree with marcelloc.  Snort would still see only the encrypted traffic and thus not be able to inspect it.

    Bill



  • Hmm,

    Wanted to click "Thanks" for both posts but it just works for one.
    So thank you for your feedback. It would be a nice feature if it works, but it is probably not that easy.

    Thank you!

