nanog mailing list archives
Re: HTTPS redirects to HTTP for monitoring
From: chris <tknchris () gmail com>
Date: Sun, 18 Jan 2015 10:25:54 -0500
Hello,

I have been going through something very interesting recently that relates to this. We have a customer who Google is flagging for "abusive" search behavior. Because Google now forces all search traffic to be SSL, it has made attempting to track down the supposed "bad traffic" extremely difficult. We have contacted Google through several channels and no one at Google who we've worked with is able to provide us any factual examples of what they are seeing, and because of the traffic being encrypted all our usual capture and analysis tools have been fairly useless. I'm sure this will be more and more prevalent, but it's really frustrating when the vendor who forces SSL cannot or will not provide actual documentation that can help us investigate.

So far the only ideas we've come up with are to play some tricks with DNS overrides and force the users to non-SSL search so we can inspect HTTP traffic, or we were also looking into doing something like using SQUID mitm SSL to allow us to at least inspect the traffic there. Overall we're not thrilled about the other side effects / implications that can be caused by these workarounds, and in this situation our customer, who happens to be a customer of several Google apps, is very disappointed that they cannot be more cooperative.

I am very interested to hear if others have run into similar situations and how it was handled etc. I am sure we will see this type of issue again with the number of hosted and SaaS solutions growing exponentially, so we are looking into various options so that in the future we have better accommodations to handle this situation with or without cooperation on the hosted side.

chris

On Sun, Jan 18, 2015 at 7:29 AM, Grant Ridder <shortdudey123 () gmail com> wrote:
Hi Everyone,

I wanted to see what opinions and thoughts were out there. What software, appliances, or services are being used to monitor web traffic for "inappropriate" content on the SSL side of things? personal use? enterprise?

It looks like Websense might do decryption (http://community.websense.com/forums/t/3146.aspx) while Covenant Eyes does some sort of session hijack to redirect to non-SSL (at least for Google) (https://twitter.com/CovenantEyes/status/451382865914105856).

Thoughts on having a product that decrypts SSL traffic internally vs one that doesn't allow SSL to start with?

-Grant