[squidguard] safesearch rewrite redirects http but not https
-
Hi all,
I configured squid which works well for intercepting http + https (splice all).
I configured squidguard blacklists, etc. and it works fine.
I tried to set up safesearch squidguard-based on url rewrites, and it seems to work with http (redirects appending safe=on at the end of the url), but not for https.example:
good: http://www.google.com.br/search?q=blabla => https://www.google.com.br/search?q=blabla&gws_rd=ssl&safe=on
bad: https://www.google.com.br/search?q=blabla => https://www.google.com.br/search?q=blablaMy rule is as follows:
target url: (google..*/search?.q=.)
replace to url: \1&safe=on
opt: no caseHelp much appreciated.
-
"Splice all" means do not decrypt. In this case your redirector will only see google.com (from SNI) - not the whole URL you try to rewrite.
-
The problem is that bumping give an error: "This site uses HTTP Strict Transport Security (HSTS)".
-
You cannot just redirect HTTPS unfortunately. Might have more luck with actually changing contents - like https://docs.diladele.com/tutorials/filtering_https_traffic_squid_pfsense/index.html (not verified with transparent intercept option like you desire).