Update: SQUID transparent SSL interception : Squid v3.2

In order to keep this blog post a bit more relevant, there have been some improvements since that post was written. Squid v3.2 has been released earlier this year, making ssl interception more seamless and easier. The new features for HTTPS interception can be found while reading through the man page for http_port: http://www.squid-cache.org/Versions/v3/3.2/cfgman/http_port.html More specifically: … Continue reading Update: SQUID transparent SSL interception : Squid v3.2

Advertisements

Dansguardian : lessons learned

To dis-allow users from connecting to a site via IP rather than URL name (so bypassing filtering unless you use the time consuming forward / reverse lookup feature), uncomment the following line in the bannedsitelist: *ip To enable syslog, the default dansguardian.conf uses: # Syslog logging # # Use syslog for access logging instead of … Continue reading Dansguardian : lessons learned

Analyzing SQUID access logs

There are loads of programs on the internet which are squid log analyzers. While this article does address the same thing, it’s presented more with an eye to how you can use standard linux bash scripts to obtain almost any output you want from log files. In the following script I use no python / … Continue reading Analyzing SQUID access logs

SQUID transparent SSL interception

July 2012: Small update on new versions of squid (squid v 3.2) here There seems to be a bit of confusion about configuring SQUID to transparently intercept SSL (read: HTTPS) connections. Some sites say it’s plain not possible: http://www.faqs.org/docs/Linux-mini/TransparentProxy.html#ss2.3 Recent development in SQUID features have made this possible. This article explores how to set this up … Continue reading SQUID transparent SSL interception

SQUID + GreasySpoon : enhancing your proxy deployment with content adaptation

When comparing the two proxy solutions I am most familiar with, these being BlueCoat ProxySG and SQUID, the most striking difference is the capability of the bluecoat to easily change and modify the traffic passing through it. For the Bluecoat-savvy of you, adding a “Web Access” and “Web Content” layer in policy allows you to … Continue reading SQUID + GreasySpoon : enhancing your proxy deployment with content adaptation

IPv6 to IPv4 using proxies : lessons learned

As we progress into IPv6 networks, one of the more common transitory scenarios we will see will be similar to the following: Especially in earlier stages, it is to be expected that isolated “pools” of IPv6 networks will need to communicate with a still predominantly IPv4 internet. One of the many ways of facilitating this … Continue reading IPv6 to IPv4 using proxies : lessons learned