Project

General

Profile

Actions
Copy link

Feature #3379

open

Filtering ICAP Protocoll on lo Interface

Added by Schroeffu Schroeffu almost 5 years ago. Updated over 1 year ago.

Status:
New
Priority:
Normal
Assignee:
OISF Dev
Target version:
-
Effort:
medium
Difficulty:
Label:

Description

It would be very nice when Suricata can handle the ICAP protocoll for filtering decrypted SSL Web Traffic.

Proxies - for example Squid - often are doing SSL Inspection through local loopback interface (lo) ICAP Protocol on Port 1344.
I can configure Suricata to listen on "lo" Interface, but Suricata is not alerting the rules on this decrypted Web Traffic which is readable on lo interface also for suricata.

I guess suricata needs an "ICAP Wrapper", so a new feature?

Files

Suricata_monitor_lo_interface_222045.jpg (100 KB) Suricata_monitor_lo_interface_222045.jpg example of the only Suricata alert i get sometimes while monitoring local loopback interface, on that all the decrypted web traffic goes through for virus scanning Schroeffu Schroeffu, 12/04/2019 02:49 PM

Related issues 1 (1 open0 closed)

Related to Suricata - Feature #6101: icap: app-layer protocol supportNewOISF DevActions
Actions
Copy link

Also available in: Atom PDF