Netgate Discussion Forum

    Squid 3 for https blocking?

    • K
      killmasta93
      last edited by

      Hi,
      So I have been trying to block https Facebook and had no luck :(.
      First I installed squid, then squid guard, then I realized it does not block https,
      then I installed squid 3, which it says it blocks https, but I'm lost in configuring it.

      This is my setup in proxy server interface: LAN
      proxy port 3128
      allow user on interface is checked
      transparent http proxy checked

      proxy filter squidguard is checked
      and black list is checked with the shallalist
      on the tab common acl the target rule deny is social network
      do not allow ip addresses in url is checked
      then I created in target categories a new name called test
      then I added domain name
      facebook.com es-la.facebook.com static.ak.fbcdn.net login.facebook.com www.login.facebook.com fbcdn.net fbcdn.com static.ak.connect.facebook.com

      but now I'm confused on the part of reverse proxy

      Here are some snapshots

      Thank you


      Tutorials:

      https://www.mediafire.com/folder/v329emaz1e9ih/Tutorials

      • C
        chris4916
        last edited by

        @killmasta93:

        This is my setup in proxy server interface: LAN
        proxy port 3128
        allow user on interface is checked
        transparent http proxy checked

        Do not waste time (except for reading some documentation  ;D):

        • transparent proxy will not handle HTTPS (except if you implement nasty "man in the middle" stuff but who would like to do this ???)

        If you want to filter HTTPS, which does make sense BTW, then switch to explicit proxy, and implement WPAD in case you don't want to configure proxy on each and every device.

        Jah Olela Wembo: Words turn into ills when they upset, attack or hurt.

        • KOMK
          KOM
          last edited by

          WPAD Autoconfigure for Squid
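
A sketch of the `wpad.dat` file that the explicit-proxy and WPAD advice above relies on, added here as an example and not taken from the thread or from pfSense. The proxy address `192.168.1.1` and the local domain `lan.example` are placeholder assumptions; port 3128 is the one given in the first post.

```javascript
// wpad.dat (also served as proxy.pac): clients that auto-discover it call
// FindProxyForURL() for every request, http:// and https:// alike.

// Assumptions: 192.168.1.1 is the pfSense LAN address and "lan.example" the
// local DNS domain (both placeholders). 3128 is the proxy port from the thread.
var PROXY = "PROXY 192.168.1.1:3128";
var LOCAL_DOMAIN = "lan.example";

// True for literal loopback / RFC 1918 IPv4 addresses. Avoids dnsResolve(),
// so no DNS lookup is needed to reach a decision.
function isPrivateIPv4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var a = Number(m[1]), b = Number(m[2]);
  return a === 10 || a === 127 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

// True when host is the domain itself or a subdomain of it.
function hostInDomain(host, domain) {
  return host === domain ||
         host.slice(-(domain.length + 1)) === "." + domain;
}

function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Internal destinations bypass the proxy: single-label names, private
  // address literals, and the local DNS domain.
  if (host.indexOf(".") === -1 || isPrivateIPv4(host) ||
      hostInDomain(host, LOCAL_DOMAIN)) {
    return "DIRECT";
  }
  // Everything else goes through Squid. For https:// URLs the browser then
  // sends "CONNECT host:443" to the proxy, so the destination host name is
  // visible to Squid's access rules without decrypting the TLS session.
  // No "; DIRECT" fallback: if the proxy is down, requests fail rather than
  // silently bypassing the filter.
  return PROXY;
}
```

A PAC file only steers clients that honour it; direct outbound 80/443 from the LAN still has to be blocked at the firewall for the filter to be enforced.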

          • K
            killmasta93
            last edited by

            Hi,

            Thank you for your response. I will give it a try and let you know how it goes. Another question: so squidguard is pointless, or keep it just for the heck of it? And I have to keep squid?

            Thank you

            • C
              chris4916
              last edited by

              Squid and Squidguard are two different beasts.

              Squid acts as an HTTP proxy and provides access control based on various rule types. It can't really filter URL and content but can delegate this task to an external service like Squidguard.
              If you want to implement content filtering, blacklist and stuff like this, you do need both Squid and Squidguard.

              • K
                killmasta93
                last edited by

                I think I might just roll back to pfsense 2.1. I have been reading a lot, and most people in general are having problems with 2.2.2. I'm even having trouble with port forwarding… I will keep you posted to see if 2.1 seems more stable.

                Thank you

                • KOMK
                  KOM
                  last edited by

                  I got tired of all the funniness with Squid and decided to roll my own. Squid3, squidGuard, Lightsquid and Sarg on an Ubuntu box. Works like a charm.

                  • K
                    killmasta93
                    last edited by

                    KOM but you said WPAD? How does squidGuard work without Squid?

                    • KOMK
                      KOM
                      last edited by

                      KOM but you said WPAD? How does squidGuard work without Squid?

                      I don't understand your question. WPAD is a generic technology that allows a client to find the Squid proxy automatically. Squid relies on squidGuard to do URL filtering.

                      • K
                        killmasta93
                        last edited by

                        Ohhh, never mind, I got it. Sorry for the ignorance :-[

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.