Re-wind. back to the original question and problem...
On 16/04/11 03:48, Mohammad Fattahian wrote:
<snip>
>> Is the any way to block HTTPS for some web sites?
>>
>> I have to block access to Gmail accounts.
>>
>> It's done for http but I did not find any solution for https.
>>
>> This is part of my configuration:
>>
>> acl gmail1 dstdomain google.com
>> acl gmail2 dstdomain google.ca
>> http_access deny CONNECT gmail1 gmail2
>
That is the right approach. Almost.
Please read this FAQ section on what is going wrong:
http://wiki.squid-cache.org/SquidFaq/SquidAcl#Common_Mistakes
After correcting your ACLs you will also want to prefix the domain names
with "." to catch their HTTPS sub-domains.
Oh, and be sure to make this a *new* CONNECT line. If you do any of this
to the existing/default CONNECT line you will be opening huge holes in
your security system.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.12 Beta testers wanted for 3.2.0.6Received on Sat Apr 16 2011 - 00:35:06 MDT
This archive was generated by hypermail 2.2.0 : Sat Apr 16 2011 - 12:00:04 MDT