Re: RES: [squid-users] How can I block a https site?

From: Marcus Kool <marcus.kool_at_urlfilterdb.com>
Date: Fri, 24 Oct 2008 14:50:23 -0200

Ricardo,

You cannot do it with a transparent proxy.
If you want Squid to handle https traffic, you must
use Squid in a non-transparent setup.

-Marcus

Ricardo Augusto de Souza wrote:
> I am still not able to block https sites.
> I tested all you sugested here.
> I am using transparent proxy. I am redirecting all outgoing traffic to
> port 80 to squid port 3128. If i redirect 443 port to squid i wont be
> able to access ANY https site.
>
> I just wanna block *FEW* https sites like i AM ALREADY doing using
>
>
> Acl bleh dstdomain "/some/file/"
> http_access deny bleh
>
>
>
>
> -----Mensagem original-----
> De: Matus UHLAR - fantomas [mailto:uhlar_at_fantomas.sk]
> Enviada em: quinta-feira, 23 de outubro de 2008 08:20
> Para: squid-users_at_squid-cache.org
> Assunto: Re: [squid-users] How can I block a https site?
>
>> Matus UHLAR - fantomas wrote:
>>> On 21.10.08 16:23, Alejandro Bednarik wrote:
>>>> You can also use url_regex -i
>>>>
>>>> acl bad_sites url_regex -i "/etc/squid/bad_sites.txt"
>>>> http_access deny bad_sites
>>> using regexes is very ineffective and may lead to problems if you
> don't
>>> count with:
>>> - dot matching ANY character
>>> - regex matching the middle of string, not just the end of it (like
>>> dstdomain does)
>
> On 22.10.08 23:45, Amos Jeffries wrote:
>> - URL parts often included in regex not occuring in CONNECT requests.
>> - neither the http(s):// part.
>
> no, but it can match different hosts it should not mach.
>
>>>>>> .imo.im
>
> will block e.g. www.limolimo.com
>
Received on Fri Oct 24 2008 - 16:50:34 MDT

This archive was generated by hypermail 2.2.0 : Sat Oct 25 2008 - 12:00:03 MDT