Re: [squid-users] Need help on Squid Setup

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 12 Nov 2013 21:05:33 +1300

On 12/11/2013 8:19 p.m., Durga Prasath wrote:
> Hello All,
>
> I am trying to setup Squid Proxy for our internal users. we want to
> restrict access to only a few domains and URLs.
>
> the requirement i have is, i should allow
> https://www.google.co.in/search and other URLs should be banned. Like
> if users try to access https://www.google.co.in/blogsearch or
> https://www.google.co.in/imagesearch should be restricted and only
> /search should be allowed.
>
> The options url_regex or urlpath_regex are not working.
>
> Can someone help on this requirement on how to setup this using squid?

This is HTTPS traffic.

When it goes through a HTTP proxy it uses special CONNECT requests.
Those requests contain *only* the domain name and port (usually 443)
being connected to, and some headers related to what agent is requesting
the tunnel connection be setup. Path and other parts of the URL are not
available for access control to use.

To do what you want, you will have to hijack the HTTPS/SSL connection,
decrypt the users traffic, apply your controls, then re-encrypt. Squid
can do that with the SSL-bump feature, BUT before using it please check
with your local lawyer - using it is considered illegal wiretapping
and/or breach of privacy in many countries.

Amos
Received on Tue Nov 12 2013 - 08:05:38 MST

This archive was generated by hypermail 2.2.0 : Wed Nov 13 2013 - 12:00:03 MST