Re: [squid-users] HTTPS and Transparent Proxy

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 19 Apr 2011 13:27:41 +1200

 On Mon, 18 Apr 2011 12:27:32 -0400, Mohammad Fattahian wrote:
> Hi,
>
> I just configured transparent proxy to use in my network.
>

 I assume you actually mean NAT interception...

> I found HTTPS is not going through the proxy when it is transparent.

 Yes. "transparent proxy" is a man-in-middle security attack.

 The protection to prevent man-in-middle attacks working is called
 HTTPS.

>
> What should I do if I want to limit access to some HTTPS site?

  * Configure your firewall to reject TCP port 443 to the IPs of the
 website you want blocked.

 In a non-intercepting proxy HTTPS travels through as a CONNECT method
 request.

  * Configure Squid to:
     acl blockedWebsites dstdomain ...
     http_access deny CONNECT blockedWebsites

 Amos
Received on Tue Apr 19 2011 - 01:27:47 MDT
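
Added example, not part of the original message and not Squid's own code: a simplified Python model of what a non-intercepting proxy sees in a CONNECT request and how a dstdomain-style name match decides on it. The domain names, function names and ACL values are assumptions made for the illustration; only the host and port of the target are visible to the proxy, so the decision is per domain, never per URL path.

```python
# Added illustration: models what an explicit (non-intercepting) proxy can see
# of an HTTPS request and how a dstdomain-style name match would decide on it.
# Simplified sketch, not Squid's implementation; no reverse DNS for IP targets.

# Hypothetical ACL values. A leading dot matches the domain and its subdomains.
BLOCKED_WEBSITES = [".blocked.example", "exact.example"]

def parse_connect(raw: bytes):
    """Return (host, port) from a CONNECT request line, or None otherwise."""
    line = raw.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = line.split()
    if len(parts) != 3 or parts[0] != "CONNECT":
        return None
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not port.isdigit():
        return None
    # Normalise: drop IPv6 brackets, trailing root dot, and case differences.
    return host.strip("[]").rstrip(".").lower(), int(port)

def dstdomain_match(host: str, pattern: str) -> bool:
    """Exact match, or domain-plus-subdomains when the pattern starts with a dot."""
    pattern = pattern.lower()
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern

def http_access(raw: bytes, blocked=BLOCKED_WEBSITES) -> str:
    """Mirror 'http_access deny CONNECT blockedWebsites' for one request."""
    target = parse_connect(raw)
    if target is None:
        return "not-connect"  # the CONNECT rule does not apply to other methods
    host, _port = target
    return "deny" if any(dstdomain_match(host, p) for p in blocked) else "allow"

# Constructed requests, as a browser would send them to a configured proxy.
SAMPLES = [
    b"CONNECT www.blocked.example:443 HTTP/1.1\r\nHost: www.blocked.example:443\r\n\r\n",
    b"CONNECT WWW.Blocked.Example.:443 HTTP/1.1\r\n\r\n",
    b"CONNECT notblocked.example:443 HTTP/1.1\r\n\r\n",
    b"CONNECT sub.exact.example:443 HTTP/1.1\r\n\r\n",
    b"GET http://www.blocked.example/ HTTP/1.1\r\n\r\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(raw.split(b"\r\n", 1)[0].decode(), "->", http_access(raw))
```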
