SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0001169: Web proxy antivirus not work on SSL https protocol - MantisBT Endian Bugtracker
Endian Issue Tracker





Please see now our new Bugtracker system: JIRA








View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001169Endian FirewallProxy HTTPpublic2008-07-28 09:072011-05-26 12:27
Reportermormogeacl 
Assigned To 
PrioritynormalSeverityfeatureReproducibilityN/A
StatusacknowledgedResolutionopen 
PlatformOSOS Version
Product Version2.2-rc2 
Target VersionFixed in Version 
Summary0001169: Web proxy antivirus not work on SSL https protocol
DescriptionWeb proxy antivirus not work on SSL https protocol
Additional InformationWeb proxy antivirus not work on SSL https protocol
http://www.eicar.org/anti_virus_test_file.htm [^]
TagsNo tags attached.
Attached Files

- Relationships
duplicate of 0000749acknowledged http proxy and ssl 
parent of 0002488acknowledged contentfilter on https 
parent of 0002591acknowledged Upgrade Squid to 3.1 
has duplicate 0002284closed Antivirus doesn't work if you download using SSL or HTTPS 
Not all the children of this issue are yet resolved or closed.

-  Notes
(0001588)
peter-endian (administrator)
2008-09-09 13:47

The matter of an encrypted channel (SSL) is that *nobody* can read or scan its contents. This includes also a web proxy.

We don't intercept ssl connections yet. Maybe this will come in the future
(0006163)
datapharmer (reporter)
2011-04-29 16:44

I would love to see this implemented. It is a reality that it would be simple to bypass all firewall virus scanning and filtering simply by linking to a site that starts with https... Sonic wall implements this by intercepting and then issuing a replacement certificate, which could be installed to clients via network policy.

See sonic wall kb article for details: http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=8365 [^]
(0006501)
datapharmer (reporter)
2011-05-26 12:27

This may be a good solution for a future version of endian: http://wiki.squid-cache.org/Features/SslBump [^]

- Issue History
Date Modified Username Field Change
2008-07-28 09:07 mormogeacl New Issue
2008-07-28 09:07 mormogeacl Status new => assigned
2008-07-28 09:07 mormogeacl Assigned To => simon-endian
2008-09-09 13:47 peter-endian Note Added: 0001588
2008-09-09 13:47 peter-endian Assigned To simon-endian =>
2008-09-09 13:48 peter-endian Severity minor => feature
2008-09-09 13:48 peter-endian Reproducibility have not tried => N/A
2008-09-09 13:53 peter-endian Status assigned => acknowledged
2009-10-21 16:38 peter-endian Relationship added has duplicate 0002284
2009-10-21 16:40 peter-endian Relationship added duplicate of 0000749
2010-09-24 09:27 peter-endian Relationship added parent of 0002488
2010-09-24 09:27 peter-endian Relationship added parent of 0002591
2011-04-29 16:44 datapharmer Note Added: 0006163
2011-05-26 12:27 datapharmer Note Added: 0006501

Copyright © 2005-2008 Endian, SRL. All rights reserved.


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker