Squid, blocking https except legitimate sites
Hello Good afternoon All!
How to block HTTPS sites and how to whitelist HTTPS legitimate sites?
Another related question:
How to block site like this (0.games32.domain.net)? I tried adding on blacklist squid 0.games32.domain.net but still i can access the site.
Also not removing the 443 coz we have some legitimate sites…like gmail uses https....
Try adding 'domain.net' to the blacklist as this seems like some kind of server pool which likely employees load balancing across different servers each with a different name.
thanks mhabs but i can still access https://www.facebook.com..
You cannot transparently block HTTPS sites; Due to the security involved in HTTPS, this will never work properly.
You would have to manually assign the proxy settings (Or use something like WPAD) in order to filter HTTPS. Once you have the proxy assigned to the client, you filter it just like HTTP traffic. SquidGuard is the easiest way.
Add facebook as regular expression or domain name in squid Access Control or SquidGuard Custom BlackList. http or https it will get blocked.