Good morning, the DPO, Data Protection Officer, asked one of my clients to tell him if it is possible to exclude certain sites from the firewall log they have, which is not IPFire.
Specifically, my client is a municipality, and the DPO does not want it to be traced if any employee connects to the site to report administrative violations.
Is it possible to do something like this with IPFire without completely disabling the proxy log?
You could think of a kind of whitelist in which to include sites that should not be registered in the log.
The proxy log, as indicated here, only tracks the FQDN as everything now runs in HTTPS, but the DPO doesn’t even want this.
Many thanks
I looked at the log with:
tail -f /var/log/squid/access.log | perl -pe 's/^\d+\.\d+/localtime($&)/e;'
but I only see HTTP requests and not HTTPS. Is this correct?
I know I have a lot to learn, I have the proxy set to transparent.
Anyway, thanks, I’ll “play” with the ACLs and make a big mess, I already know HI
In a transparent proxy setup on IPFire, only HTTP traffic gets automatically directed to Squid. HTTPS traffic is not captured in this manner because IPFire has removed the capability to terminate HTTPS tunnels for security reasons. To have HTTPS traffic logged, clients must manually configure their browsers to use the IPFire machine as a proxy. If they do, Squid will forward the encrypted HTTPS traffic without terminating or inspecting the tunnel, but the connection will be logged.
EDIT: If HTTPS connections are missing from the logs, it likely means that clients are either using a different proxy or no proxy at all for encrypted traffic. To centralize traffic through IPFire, you could block outbound traffic on port 443. This would require clients to configure their browsers to use IPFire for HTTPS. Note that Squid will not cache this HTTPS traffic; it will merely relay it.
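An added example, not part of the thread or of IPFire: a Python check that scans a Squid access.log in the native format for entries pointing at domains that are supposed to be excluded from logging. It covers both plain HTTP URLs and the `CONNECT host:443` entries written for HTTPS when clients use the proxy explicitly. The sample lines, the domain names and the function names are constructed for illustration.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client code/status bytes method URL user hierarchy type
SAMPLE_LOG = """\
1700000000.123    210 192.168.1.20 TCP_MISS/200 5120 GET http://www.example.org/index.html - HIER_DIRECT/203.0.113.10 text/html
1700000005.456   1843 192.168.1.21 TCP_TUNNEL/200 3921 CONNECT report.example.net:443 - HIER_DIRECT/203.0.113.20 -
1700000009.789     95 192.168.1.22 TCP_TUNNEL/200 1200 CONNECT www.example.com:443 - HIER_DIRECT/203.0.113.30 -
"""

def destination_host(method, target):
    """Return the lower-case host a log entry points at."""
    if method == "CONNECT":
        # HTTPS via an explicit proxy: only host:port is logged, no path.
        return target.rsplit(":", 1)[0].strip("[]").lower()
    return (urlsplit(target).hostname or "").lower()

def is_excluded(host, excluded):
    """True if host is an excluded domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in excluded)

def find_leaks(log_text, excluded):
    """Return (UTC time, client, host) for entries that should not be in the log."""
    excluded = [d.lower().lstrip(".") for d in excluded]
    leaks = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # skip truncated or malformed lines
        try:
            when = datetime.fromtimestamp(float(fields[0]), tz=timezone.utc)
        except ValueError:
            continue  # first field is not an epoch timestamp
        host = destination_host(fields[5], fields[6])
        if is_excluded(host, excluded):
            leaks.append((when.isoformat(timespec="seconds"), fields[2], host))
    return leaks

if __name__ == "__main__":
    # "example.net" stands in for the site the DPO wants kept out of the log.
    for leak in find_leaks(SAMPLE_LOG, ["example.net"]):
        print(leak)
```

An empty result after an exclusion rule has been put in place means no matching entries reached the log file that was checked.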