Re: [squid-users] Need help on Squid Setup

From: Durga Prasath <durga.prasath_at_bankbazaar.com>
Date: Wed, 13 Nov 2013 10:51:15 +0530

Thanks for your email amos. is there any other way that we can get
this done other than SSL_bump. any URL redirector program can help
us... ( I did check here and usage of ssl_bump is illegal.)

Thanks and Regards,
Durga Prasath

On Tue, Nov 12, 2013 at 1:35 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 12/11/2013 8:19 p.m., Durga Prasath wrote:
>> Hello All,
>>
>> I am trying to setup Squid Proxy for our internal users. we want to
>> restrict access to only a few domains and URLs.
>>
>> the requirement i have is, i should allow
>> https://www.google.co.in/search and other URLs should be banned. Like
>> if users try to access https://www.google.co.in/blogsearch or
>> https://www.google.co.in/imagesearch should be restricted and only
>> /search should be allowed.
>>
>> The options url_regex or urlpath_regex are not working.
>>
>> Can someone help on this requirement on how to setup this using squid?
>
> This is HTTPS traffic.
>
> When it goes through a HTTP proxy it uses special CONNECT requests.
> Those requests contain *only* the domain name and port (usually 443)
> being connected to, and some headers related to what agent is requesting
> the tunnel connection be setup. Path and other parts of the URL are not
> available for access control to use.
>
> To do what you want, you will have to hijack the HTTPS/SSL connection,
> decrypt the users traffic, apply your controls, then re-encrypt. Squid
> can do that with the SSL-bump feature, BUT before using it please check
> with your local lawyer - using it is considered illegal wiretapping
> and/or breach of privacy in many countries.
>
> Amos
Received on Wed Nov 13 2013 - 05:21:23 MST

This archive was generated by hypermail 2.2.0 : Wed Nov 13 2013 - 12:00:03 MST