Re: [squid-users] Denying https access to websites

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 03 Oct 2011 17:24:12 +1300

On 28/09/11 04:47, Dayo wrote:
>> On Fri, 23 Sep 2011 09:32:01 +0100, Dayo Adewunmi wrote:
>>> Hi
>>>
>>> I've noticed that some sites which I deny access to with http_access deny
>>> are blocked when accessed with http://example.com but accessible
>>> through https://example.com. How do I ensure the https://example.com
>>> is also blocked?
>>
>> Depends on how you are blocking them and how your clients are using Squid.
>>
>> If you are using interception to get the traffic into Squid, the only
>> way to block them is to firewall port 443. Ability to view HTTPS
>> internals is one of the things you lose when intercepting.
>>
>> If the browsers are aware of the proxy and using CONNECT requests to
>> make https:// connections, then dstdomain will catch both http:// and
>> https:// forms.
>>
>> Amos
>
> My clients are using squid transparently. I've got this line in squid.conf
>
> http_port 3128 transparent
>

Then port 443 (HTTPS) is out of reach. Squid does not decode intercepted
traffic. See above.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.15
   Beta testers wanted for 3.2.0.12
Received on Mon Oct 03 2011 - 04:24:19 MDT
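
The distinction drawn in this thread, as an added example that is not part of the original messages and is not Squid's code: a simplified model of a dstdomain-style check applied to what the proxy actually receives. The ACL value, sample request lines and function names are constructed for illustration; origin-form requests (host taken from the Host header) are left out.

```python
# Added illustration: simplified model of dstdomain matching, not Squid's implementation.
from urllib.parse import urlsplit

BLOCKED = [".example.com"]  # constructed ACL value; leading dot also covers subdomains


def request_host(first_line: bytes):
    """Return the destination host from a proxy request line, or None if it is not HTTP."""
    try:
        method, target, version = first_line.decode("ascii").split()
    except ValueError:  # non-ASCII bytes (UnicodeDecodeError) or wrong field count
        return None
    if not version.startswith("HTTP/"):
        return None
    if method == "CONNECT":            # authority form: host:port
        host = target.rsplit(":", 1)[0]
    else:                              # absolute form: scheme://host/path
        host = urlsplit(target).hostname or ""
    return host.lower().strip("[]") or None


def dstdomain_match(host: str, patterns=BLOCKED) -> bool:
    """'.example.com' matches example.com and its subdomains; 'example.com' only itself."""
    for p in patterns:
        p = p.lower()
        if p.startswith("."):
            if host == p[1:] or host.endswith(p):
                return True
        elif host == p:
            return True
    return False


def decide(first_line: bytes) -> str:
    host = request_host(first_line)
    if host is None:
        return "no HTTP request visible"  # nothing for a domain ACL to evaluate
    return "deny" if dstdomain_match(host) else "allow"


SAMPLES = {  # constructed data: the first bytes the proxy sees in each case
    "explicit http": b"GET http://example.com/ HTTP/1.1",
    "explicit https": b"CONNECT www.example.com:443 HTTP/1.1",
    "other site": b"CONNECT example.org:443 HTTP/1.1",
    "intercepted 443": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03",  # TLS record header
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:16} -> {decide(data)}")
```
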
