On Jan 24, 2011, at 1:09 PM, jamesj_at_mail.milton.k12.wi.us wrote:
> Hello Folks,
>
>
>
> We're currently using squid + DG as a content filtering system and it's
> fantastic. The problem lies with a combination of Squid + Safari and the
> site facebook.com. Students can currently get around our blocks by
> changing the protocol from http to https. The logs show that squid sees
> the "CONNECT" function and tries to block it but it still passes through.
> All other browsers it's fine and all other sites + safari it appears to
> also be fine. Anyone have any ideas? We've tried blocking using DG and
> then directly through squid by blocking the CONNECT function to facebook.
>
> Squid version 3.0.STABLE24
>
Hi James,
I ran into the same problem using squidguard. I used a pretty harsh denial in my firewall. My squid SG works in " intercept " mode so I wrote an IPFW statement to deny https for facebook.
deny ip from any to 66.220.144.0/20 dst-port 443
deny ip from any to 69.63.176.0/20 dst-port 443
hope this helps
-j
Received on Tue Jan 25 2011 - 13:34:50 MST
This archive was generated by hypermail 2.2.0 : Tue Jan 25 2011 - 12:00:03 MST