RE: [squid-users] Blocking port 443 and let some secured site to be accessed (ie yahoo.com email)

From: SSCR Internet Admin <admin_at_sscrmnl.edu.ph>
Date: Mon, 10 Aug 2009 10:53:41 +0800

Thanks Amos, hope this could partially stop ultrasurf... crossing fingers..

-----Original Message-----
From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: Monday, August 10, 2009 10:35 AM
To: SSCR Internet Admin
Cc: squid-users_at_squid-cache.org
Subject: Re: [squid-users] Blocking port 443 and let some secured site to be accessed (ie yahoo.com email)

On Mon, 10 Aug 2009 10:24:04 +0800, "SSCR Internet Admin"
<admin_at_sscrmnl.edu.ph> wrote:
> Hi,
>
> Can anyone give me a hint as to block 443 and let some other secured site
> be
> excluded from the block?

Depends on what you want to block there...

I assume that you actually mean you want to block HTTPS traffic except to
some certain sites.

Squid default controls have ACLs called SSL_ports and CONNECT. With this
configuration line:
http_access deny CONNECT !SSL_ports

To restrict further and only allow certain websites to use port 443/HTTPS
create an ACL listing their domain names and change the access lien like so

acl httpSites dstdomain .example.com
http_access deny CONNECT !SSL_ports !httpsSites

Amos

---------------------------------------------------
This message is solely intended to the person(s)
indicated on the header and has been scanned for
viruses and dangerous content by MailScanner. If
any malware detected on this transmission, please
email the postmaster at admin_at_sscrmnl.edu.ph.

Providing Quality Catholic Education for the Masses
for more info visit us at http://www.sscrmnl.edu.ph

__________ Information from ESET NOD32 Antivirus, version of virus signature database 4295 (20090731) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com

 

__________ Information from ESET NOD32 Antivirus, version of virus signature database 4295 (20090731) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
 

---------------------------------------------------
This message is solely intended to the person(s)
indicated on the header and has been scanned for
viruses and dangerous content by MailScanner. If
any malware detected on this transmission, please
email the postmaster at admin_at_sscrmnl.edu.ph.

Providing Quality Catholic Education for the Masses
for more info visit us at http://www.sscrmnl.edu.ph
Received on Mon Aug 10 2009 - 02:53:51 MDT

This archive was generated by hypermail 2.2.0 : Mon Aug 10 2009 - 12:00:15 MDT