Configure Squid proxy for SSL/TLS inspection (HTTPS interception)

Squid proxy

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more.

Squid can be configured to perform SSL/TLS inspection (aka HTTPS interception) so the proxy can decrypt proxied traffic (Squid calls this feature ssl bump).

Afaik the Squid package included in the Linux distros is not compiled with SSL/TLS inspection support, but the good news is that diladele (its GitHub repo and Websafety documentation are useful resources) provides packages for Ubuntu and CentOS, recompiled (you can do it yourself) with support for HTTPS filtering and SSL/TLS inspection. This means that we just have to configure Squid. Not an easy task anyway 🙂

I provide you with a working config; follow the next steps.


Enable Telegram and WhatsApp web sites behind a proxy

telegram and whatsapp

In this post I just show which domains you need to enable to authorize access to the Telegram and WhatsApp web sites behind your corporate proxy. This is useful when you need to allow, like me, just a subset of your users to access them.

Allow the following Telegram domains on your proxy

  • web.telegram.org
  • vesta.web.telegram.org
  • telegram.me

Allow the following WhatsApp domains on your proxy

  • web.whatsapp.com
  • dyn.web.whatsapp.com
  • w[0-9].web.whatsapp.com (from w0 to w9)
  • pps.whatsapp.net
  • mms.whatsapp.net
  • mmg-fna.whatsapp.net

Block Flash content on Squid proxy

No more flash

One of the trending topics I discuss regularly with my company IT department is the need to block Flash content on our navigation proxies.

As a security person I have no doubt about it: Flash must be blocked. Period.

Because I manage some Squid proxies, I made this simple and effective configuration in the squid.conf file.

Rsyslog – Store and Forward messages to other hosts

Forward by Bruce Berrien

One of the problems I encountered in my job is to get syslog (udp/514) logs from a server that supports only one syslog destination and resend these logs to two or more servers (log archiving, security appliance etc).

To do this I used rsyslog and Ubuntu Server (14.04 LTS) acting as a syslog relay.
In this scenario the remote appliance sends the logs to the Ubuntu Server (listening on port udp/514) and the server stores and forwards the logs to one or more servers/devices.