Re: [squid-users] SSL Sites bypass interception

From: Linos <info_at_linos.es>
Date: Tue, 29 May 2012 13:05:29 +0200

On 29/05/12 10:32, Jambaz wrote:
> Hi to all, I have squid 3.1.19, it's working for http, the "problem" is
> only when the sites that I have blocked use https, with https (port 443)
> sites like facebook, google plus, twitter and also very dangerous sites
> bypass squid and go normally like squid doesn't exist...
> What do I have to use and do to also intercept ssl sites?
> One solution is to deny all ssl sites... but I can't because https is also used
> for serious sites (and not for social networks) and I only need to deny
> them and not the first...
>
> Any reply will be appreciated
>
> Regards
>

Hi,
        I use squid with ssl-bump for this, I need to intercept ssl connections to
block any ssl sites while letting people use other ssl enabled websites (like
gmail), you will need to install your own CA in the user browsers (if you don't,
the number of dialogs about how insecure a site is is a real nightmare),
this can be automated depending on what browser and OS you are using (windows +
ie is very easy with active directory group policies), you will find some insights
in these links:

http://wiki.squid-cache.org/Features/SslBump
http://wiki.squid-cache.org/Features/DynamicSslCert
http://dvas0004.wordpress.com/2011/03/22/squid-transparent-ssl-interception/

Regards,
Miguel Angel.
Received on Tue May 29 2012 - 11:05:38 MDT
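
A squid.conf fragment for the ssl-bump setup the reply describes, added here as an illustration; it is not from the original message or from the linked pages. It assumes a Squid 3.1 build with SSL and the ssl_crtd helper enabled, browsers explicitly configured to use the proxy on port 3128, and a CA file holding both certificate and key; all paths, ACL names and the `.bank.example` domain are hypothetical.

```conf
# Constructed example: paths, ACL names and domains are illustrative.

# Proxy port that decrypts CONNECT tunnels and presents per-host certificates
# generated on the fly, signed by the local CA installed in the users' browsers.
http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/myCA.pem

# Helper process that generates and caches the per-host certificates.
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslcrtd_children 5

# HTTPS sites to block (the ones named in the question).
acl blocked_ssl dstdomain .facebook.com .twitter.com plus.google.com

# Sites whose TLS should stay end-to-end and never be decrypted (hypothetical).
acl no_bump dstdomain .bank.example

# First matching ssl_bump rule wins: leave no_bump sites tunnelled, bump the rest.
ssl_bump deny no_bump
ssl_bump allow all

# Place before the existing "http_access allow" rules so the deny is evaluated first.
http_access deny blocked_ssl
```

The CA private key in `myCA.pem` can sign a certificate for any site the clients trust, so the file should be readable only by the Squid service account.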