I'm missing something here... I had another squid/dansguardian proxy
that was set up to pass through HTTPS traffic and I was using a URL
blacklist to prevent "bad site" access. Unfortunately, that proxy was
lost and I'm building anew.
I have my browser set to port 3128 (squid) and when I try to attach to an
SSL site there is a very long delay, then I see three of the following
messages:
02/Apr/2010,12:34:32,21000,192.168.80.9,TCP_MISS/200,0,CONNECT,www.tcfbank.com:443,-,DIRECT/206.71.19.108,-
So it looks like it's trying to go there.
I already know I cannot do content filtering through HTTPS, but all I
want is for the traffic to be passed through like I had it before. I'll
block the places I don't want using a blacklist.
Here's my config:
Shorewall rules:
=================
ACCEPT $FW net tcp www
REDIRECT loc 8080 tcp www -
ACCEPT loc fw tcp www
ACCEPT loc fw tcp 53
ACCEPT loc fw tcp 22
ACCEPT loc fw tcp 443
Squid:
=========
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl to_localbox dst 192.168.80.5/32
acl mylocalserver dst 64.8.132.1/32
follow_x_forwarded_for allow localhost
acl_uses_indirect_client on
delay_pool_uses_indirect_client on
log_uses_indirect_client on
external_acl_type session ttl=300 children=1 negative_ttl=0 concurrency=200 %SRC /usr/lib/squid/squid_session -t 1800
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# TAG: http_access
http_access allow mylocalserver
http_access allow to_localbox
deny_info http://192.168.80.5/index.php?url=%s session
http_access allow session
http_access allow SSL_ports
http_access allow CONNECT SSL_ports
http_access deny !session
http_access deny !Safe_ports
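For the goal stated in the post (let HTTPS CONNECT tunnels through, block unwanted destinations with a blacklist), here is an added example of the http_access layout that Squid's own default configuration uses. It is not the poster's configuration and not a fix of it; it assumes a Squid 3.x install, a LAN of 192.168.80.0/24, and a blacklist file at /etc/squid/blocked_domains.txt holding one domain per line (all three are assumptions).

```squid
# Added example, not the original poster's squid.conf.
# Assumed: Squid 3.x, LAN 192.168.80.0/24, blacklist at /etc/squid/blocked_domains.txt
acl localnet   src 192.168.80.0/24
acl localhost  src 127.0.0.1/32          # Squid 3.2+ predefines localhost and all;
acl all        src all                   # drop these two lines there
acl SSL_ports  port 443
acl Safe_ports port 80 21 443
acl CONNECT    method CONNECT
# dstdomain matches the host of the request; for CONNECT that is the host in
# "CONNECT www.example.test:443", so the same list covers HTTP and HTTPS.
acl blocked_sites dstdomain "/etc/squid/blocked_domains.txt"

# Squid stops at the first matching http_access line, so the deny rules for
# unsafe ports and for CONNECT to anything other than 443 come before any allow.
# Otherwise a client could open a tunnel to an arbitrary port through the proxy.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Blacklist first, then the clients that may use the proxy at all.
http_access deny blocked_sites
http_access allow localnet
http_access allow localhost

# Explicit final deny. Without it, requests that match no rule get the
# opposite of the last rule's action, which is easy to get wrong.
http_access deny all
```

Validate the file with `squid -k parse` before `squid -k reconfigure`. A CONNECT that is tunnelled through shows up in access.log as `CONNECT host:443` with a DIRECT hierarchy entry, as in the log line above; a request denied by the blacklist shows TCP_DENIED/403 instead.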
Received on Fri Apr 02 2010 - 17:59:32 MDT