Issue with ssl-bump in squid sending decrytped traffic to e2guardian

[Tim Laird]

We have ssl_bump working in squid, shows the full URL in the access.log, but e2guardian is not accepting it.

We were able to e2guardian working with MITM but the recommendation is to have squid handle it.

Are there any thoughts from the community?

[Philip]

If you are using ssl_bump in squid then you will have to configure squid to access e2guardian using its ICAP mode.

I don't know of any advantage to using squid ssl_bump plus e2guardian ICAP,  unless you want to authenticate users using a squid plug-in, and you want to integrate other ICAP services from squid.

A simpler alternate, if you want squid user authentication, is to use e2guardian as an upstream proxy in squid (without ssl_bump) passing on the user information and IP, and to use MITM in e2guardian and thee2guardian pf-basic authentication plug-in to obtain the user id for e2guardian purposes (and logs etc).

If you do not need squid authentication (i.e. the current e2g authentication options are sufficient for your needs) then just use E2Guardian with MITM.    This keeps the user messaging consistent and clear and the logging in one place, as well as being faster and more efficient in system resources.