I have been running squid to cache content along with privoxy to remove lower quality content for years; however, as more and more sites use HTTPS, the amount I can effectively cache or filter is greatly reduced.

Having an extra service running consumes memory and introduces latency while not providing any added benefit.

Are there some other reasons to continue running squid and privoxy? I could bump SSL traffic to cache it, but I still won't be able to leverage privoxy to filter unless privoxy supported passing in an SSL certificate and key.

Walter
  • I have no idea what you mean by "bump SSL traffic" or how "passing in SSL certificate and key" could work. SSL is supposed to encrypt the traffic end-to-end; you can only filter it if you MITM it, by having a proxy which decrypts and re-encrypts **with another key** each connection. You could certainly do that if you install your own root cert in the browser, and have the MITM proxy generate certs on the fly and sign them with it. Doing that for debugging purposes (e.g. to reverse engineer web apps) is fine; doing it for other purposes is dubious and dangerous. –  Aug 09 '19 at 17:20
  • See: https://wiki.squid-cache.org/Features/SslPeekAndSplice - Squid can "bump" SSL traffic, meaning it intercepts the traffic and re-encrypts it with a certificate and key of your choosing. Squid does protect you from shooting yourself in the foot as it will fail to load sites that would have given you an error in the first place in a reasonably secure browser. – Walter Aug 09 '19 at 17:33
  • So it's basically man-in-the-middling the connection. I would rather use some in-browser filter instead of having to audit it to see if it really avoids all the pitfalls that come with that ;-) –  Aug 09 '19 at 17:37
  • @mosvy, "_doing it for other purposes is dubious and dangerous_" a lot of enterprise proxies do exactly this; it's a trade-off between user security (banking) and corporate security (ransomware). There are certainly a lot of ethical issues even (especially?) in the workplace - consider if someone is visiting a website that references "protected" personal status such as disability, gender or sexual discrimination. – roaima Aug 12 '19 at 18:24

0 Answers