RE: [squid-users] Blocking SSL Port does not work

From: Malvin Rito <mrito_at_mail.altcladding.com.ph>
Date: Tue, 6 Jul 2010 17:33:57 +0800

Thanks. But how can I implement SSLBump to block port 443 for only specific
websites such as blocking Proxy Sites which use https?

-----Original Message-----
From: Matus UHLAR - fantomas [mailto:uhlar_at_fantomas.sk]
Sent: Tuesday, July 06, 2010 5:24 PM
To: squid-users_at_squid-cache.org
Subject: Re: [squid-users] Blocking SSL Port does not work

On 05.07.10 18:24, Malvin Rito wrote:
> I'm trying to block SSL port 443 on my squid server but no luck on several
> tries. My squid Server is running Transparent Mode.

You must block port 443 on your firewall, not on squid.

If you intend to block port 443, it's useless to redirect it to squid.

If you want to intercept port 443, you should know that it's called a
man-in-the-middle attack since the traffic is encrypted between browser and
server. While newest squid supports this by using SSLBump feature, browsers
can detect that you did this because the squid's certificate won't match the
server name.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
Chernobyl was a Windows 95 beta test site.
Received on Tue Jul 06 2010 - 09:35:12 MDT
