Monitoring HTTP and HTTPS requests through a proxy


We have an upcoming requirement to track internal clients accessing certain external websites. All users access the internet through a well-known proxy provider on the same IP:PORT (XXX.XXX.XXX.XXX:8080).

I don't fully understand the communication between the client and the proxy, but I'm assuming the HTTP will be in clear text and the HTTPS will be encrypted, either with a corporate key/certificate pair if my proxy is doing MitM analysis, or with the remote site's if not.

Given the requirement to monitor some services accessed through the proxy, needing to be able to decode and analyse HTTPS where possible, and needing to know the client IP address to tie it to location details, this suggests the following:

  • Listen between client and proxy
  • Need two Software Services: one which is the ProxyIP:PORT with HTTP decode, the other which is the ProxyIP:PORT with HTTP over SSL decode. Of course these cannot both exist on the same AMD, so traffic needs to be delivered to two AMDs, with one SS on each.
  • Load the corporate private keys onto the AMD doing the HTTPS decode to be able to analyse the HTTPS services that have MitM analysis.
  • Configure the SS with details of the URLs that we need to track, thus only reporting on the specific services, not all internet requests.
  • There will be no analysis of any HTTPS services (other than TCP) that are passed directly to the remote service, as we won't get their private key (obviously).

Are my assumptions correct and is this an appropriate way to achieve this?

Anyone else doing anything similar?
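The following is an added example, not part of the original post or of the proxy product being discussed. It assumes the client-to-proxy leg of an explicit (non-transparent) proxy, which is what the question describes: plain HTTP requests carry an absolute URL in the request line, while HTTPS starts with a CONNECT host:port request, after which only the TLS handshake is visible on the wire unless the proxy terminates TLS itself. The hostnames, client IPs and watchlist are constructed for the example, and the ClientHello is built inline so the script runs offline.

```python
"""Classify client->proxy requests and keep only those hitting a watchlist.

Added example (not from the original post). Assumes an explicit proxy on a
known IP:port: HTTP requests carry an absolute URI, HTTPS begins with CONNECT.
"""
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit


@dataclass
class ProxyRequest:
    client_ip: str
    method: str
    host: str
    target: str       # full URL for HTTP, "host:port" for CONNECT
    decodable: bool   # True when request/response bodies are visible on this leg


# Constructed watchlist of hostnames whose traffic should be reported on.
WATCHLIST = {"intranet.example.com", "payroll.example.com"}


def parse_request_line(client_ip: str, request_line: str) -> ProxyRequest:
    """Turn the first line sent to the proxy into a record with the destination host."""
    method, target, _version = request_line.strip().split(" ", 2)
    if method == "CONNECT":
        # CONNECT exposes only host:port; the tunnel contents are TLS.
        host = target.rsplit(":", 1)[0]
        return ProxyRequest(client_ip, method, host, target, decodable=False)
    parts = urlsplit(target)
    if not parts.scheme or not parts.hostname:
        raise ValueError(f"expected absolute URI on proxy leg, got {target!r}")
    return ProxyRequest(client_ip, method, parts.hostname, target, decodable=True)


def sni_from_client_hello(data: bytes) -> Optional[str]:
    """Extract the server_name from the first TLS record inside a CONNECT tunnel.

    Even without any private key, the ClientHello names the destination, so the
    host can be attributed to a client IP; bodies stay opaque unless the proxy
    re-signs with the corporate certificate.
    """
    if len(data) < 44 or data[0] != 0x16 or data[5] != 0x01:
        return None
    p = 9 + 2 + 32                                        # headers, version, random
    p += 1 + data[p]                                      # session id
    p += 2 + int.from_bytes(data[p:p + 2], "big")         # cipher suites
    p += 1 + data[p]                                      # compression methods
    end = p + 2 + int.from_bytes(data[p:p + 2], "big")    # extensions block
    p += 2
    while p + 4 <= end:
        etype = int.from_bytes(data[p:p + 2], "big")
        elen = int.from_bytes(data[p + 2:p + 4], "big")
        p += 4
        if etype == 0 and data[p + 2] == 0:               # server_name, host_name type
            nlen = int.from_bytes(data[p + 3:p + 5], "big")
            return data[p + 5:p + 5 + nlen].decode("ascii")
        p += elen
    return None


def build_client_hello(server_name: str) -> bytes:
    """Constructed minimal TLS 1.2-style ClientHello carrying only an SNI extension."""
    name = server_name.encode("ascii")
    entry = b"\x00" + len(name).to_bytes(2, "big") + name
    sni = (b"\x00\x00" + (len(entry) + 2).to_bytes(2, "big")
           + len(entry).to_bytes(2, "big") + entry)
    body = (b"\x03\x03" + bytes(32) + b"\x00"             # version, random, no session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"           # one cipher suite, null compression
            + len(sni).to_bytes(2, "big") + sni)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs


# Constructed sample: (client IP, first request line sent to the proxy on :8080)
SAMPLE = [
    ("10.1.2.3", "GET http://intranet.example.com/news HTTP/1.1"),
    ("10.1.2.4", "CONNECT payroll.example.com:443 HTTP/1.1"),
    ("10.1.2.5", "GET http://www.example.org/ HTTP/1.1"),
    ("10.1.2.6", "CONNECT mail.example.net:443 HTTP/1.1"),
]


def monitor(sample=SAMPLE, watchlist=WATCHLIST) -> List[ProxyRequest]:
    """Return only the requests whose destination host is on the watchlist."""
    return [r for ip, line in sample
            if (r := parse_request_line(ip, line)).host in watchlist]


if __name__ == "__main__":
    for r in monitor():
        print(f"{r.client_ip} {r.method} {r.host} decodable={r.decodable}")
    print("SNI:", sni_from_client_hello(build_client_hello("payroll.example.com")))
```

The decodable flag marks the split the question is after: HTTP on the proxy leg can be decoded as-is, while a CONNECT tunnel yields only the hostname (from the request line and the ClientHello SNI) unless the proxy is re-encrypting with the corporate key, in which case that key is what the HTTPS-decoding SS needs. Encrypted ClientHello, where deployed, removes the SNI clue, so the CONNECT line remains the dependable source of the destination host.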




I haven't had full experience with proxies and different flows, but yes, I have separate experience. For seeing the same server port from different flows (if it is not possible to configure the client_IP identification), I've used two AMDs as you propose. This is something I've already configured.

For the proxy monitoring (I didn't need to go over the HTTPS decode), your approach is a good one: defining a set of URLs and switching off the URL auto-learning on the defined SS. I've done it like this too.

I'll say that yes, your approach is good.

I hope it helps.


DCRUM captures HTTP traffic with POST requests from JBoss.
When I filter the HTTP traffic I do not observe the volume; it seems that the traffic is lost. I do not see the URL.

Thanks Juan Ortega