Re: [squid-users] squid affected by log4j vulnerability?

2022-01-04 Thread Amos Jeffries
On 5/01/22 05:41, Michael Engelmann wrote: Hi all, since I can't find any information on the web about whether the squid proxy is affected by the log4j vulnerability, I want to ask that question here. We are running Squid version 4.6 under Debian 4.19. Squid is not written in Java. So it is n

Re: [squid-users] MITM the MITM

2022-01-04 Thread Will BMD
On 04/01/2022 04:19, Grant Taylor wrote: On 1/3/22 5:19 PM, Will BMD wrote: Hey all, Hi, From the Firewalls perspective all client connections are originating as the proxy server. We're wanting to use the https inspect feature of the firewall, I'm taking "HTTPS inspect" to be the firewal

[squid-users] squid affected by log4j vulnerability?

2022-01-04 Thread Michael Engelmann
Hi all, since I can't find any information on the web about whether the squid proxy is affected by the log4j vulnerability, I want to ask that question here. We are running Squid version 4.6 under Debian 4.19. Thanks Michael Mit freundlichen Grüßen Michael Engelmann Stadtverwaltung Brand-Erbis

Re: [squid-users] MITM the MITM

2022-01-04 Thread Will BMD
Hey Antony, Thanks for the quick response. - What sort of firewall is this? The firewall is a Cisco FTDv 6.6. - What does "HTTPS inspect" actually mean? - How does the firewall "inspect" HTTPS traffic, which by design is encrypted between client and server (neither of which is the firew