Re: [squid-users] Denying https access to websites

From: Dayo <roneyworld_at_googlemail.com>
Date: Tue, 27 Sep 2011 16:47:17 +0100

On Fri, 23 Sep 2011 09:32:01 +0100, Dayo Adewunmi wrote:
> Hi
>
> I've noticed that some sites which I deny access to with http_access deny
> are blocked when accessed with http://example.com but accessible
> through https://example.com. How do I ensure the https://example.com
> is also blocked?

Depends on how you are blocking them and how your clients are using Squid.

If you are using interception to get the traffic into Squid, the only
way to block them is to firewall port 443. Ability to view HTTPS
internals is one of the things you lose when intercepting.

If the browsers are aware of the proxy and using CONNECT requests to
make https:// connections, then dstdomain will catch both http:// and
https:// forms.

Amos

My clients are using squid transparently. I've got this line in squid.conf

http_port 3128 transparent

And I'm blocking them like this:

I've got a file called denied.dat that contains lines of websites which
should be blocked, e.g.:

.facebook.com
.facebook.net

then back in squid.conf I have this:

acl academic01 time MTWHF 07:00-16:00
acl blocked dstdomain "/etc/squid/denied.dat"
http_access deny blocked academic01

Thanks

Dayo
Received on Tue Sep 27 2011 - 15:48:31 MDT
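
Added example, not part of either message and not Squid's own code: a small Python model of how the posted rule (`http_access deny blocked academic01`) evaluates a plain HTTP request and a browser's CONNECT request when the browser is configured to use the proxy. The function names, the sample requests, the inclusive time bounds and the final "allow" fallback are assumptions made for illustration.

```python
from datetime import datetime
from urllib.parse import urlsplit

DENIED = [".facebook.com", ".facebook.net"]        # denied.dat entries from the post
DAYS = {"M": 0, "T": 1, "W": 2, "H": 3, "F": 4}    # Squid day letters -> weekday()

def request_host(method, target):
    """Destination host the proxy sees in the request line."""
    if method == "CONNECT":                        # CONNECT www.example.com:443
        return target.rsplit(":", 1)[0].lower()
    return (urlsplit(target).hostname or "").lower()  # GET http://host/path

def dstdomain_match(host, patterns):
    """A leading dot matches the domain itself and all of its subdomains."""
    for p in (p.lower() for p in patterns):
        if p.startswith("."):
            if host == p[1:] or host.endswith(p):
                return True
        elif host == p:
            return True
    return False

def time_match(now, days="MTWHF", start="07:00", stop="16:00"):
    """Model of 'acl academic01 time MTWHF 07:00-16:00' (bounds assumed inclusive)."""
    if now.weekday() not in {DAYS[d] for d in days}:
        return False
    return start <= now.strftime("%H:%M") <= stop

def http_access(method, target, now):
    """ACLs on one http_access line are ANDed: deny only if both match."""
    host = request_host(method, target)
    if dstdomain_match(host, DENIED) and time_match(now):
        return "DENY"
    return "ALLOW"  # assumption: a later rule allows everything else

if __name__ == "__main__":
    # Constructed sample requests, evaluated on a Tuesday morning.
    when = datetime(2011, 9, 27, 10, 0)
    for method, target in [("GET", "http://www.facebook.com/"),
                           ("CONNECT", "www.facebook.com:443"),
                           ("CONNECT", "www.example.org:443")]:
        print(method, target, "->", http_access(method, target, when))
```

The model covers only requests that actually reach Squid; with `http_port 3128 transparent` and no explicit proxy setting in the browser, port 443 traffic is not among them, which is why the reply points to the firewall for that case.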