SquidGuard Expressions not filtering HTTPS



  • Setup:
    Squid (Port 8080)
    SquidGuard
    LightSquid
    Browser settings are forced to use proxy for all protocols.

    Issue:
    I have had numerous issues with students bypassing the content filter using various proxy websites. The only way I have been able to block the sites in question is by looking them up in LightSquid and then adding them to the domain list in my custom destination. This works well (including if you go to the HTTPS version of the site in question) however this can be quite tedious so I looked into using expressions instead. The expression I came up with works perfectly if you go to the website normally. However if you go to the site using the HTTPS version it fails to filter it using the expression. Here are some examples of the settings I used to block the website highdirt.com and the outcome of each setting. In every case HTTP was filtering properly. I want to avoid adding the domain names to my list of expressions if that's even possible.

    Expression: (highdirt.com)

    
    http://highdirt.com/vbvxmnsr.php?KYnCAwoX9516I4QFc0Q=Oh8hzBbu3jsXdhgw7Dvr78qTPBscjAUCVbzv1ExQ%2F7U%3D&r3D85SWI7a91iYZwp1fdg=Tokq095kGZX9MbGe2TEJJQ%3D%3D
    https://highdirt.com/vbvxmnsr.php?KYnCAwoX9516I4QFc0Q=snCVec01mqa4XZnnhgQfSnFMBlOnVIL46xqL0sn%2Bxqc%3D&r3D85SWI7a91iYZwp1fdg=Tokq095kGZX9MbGe2TEJJQ%3D%3D
    .*\.com/.*\.php\?.*Q\=.*g\=.*
    
    

    Example 1:
    HTTP: Blocked
    HTTPS: Not Blocked

    Example 2:
    HTTP: Blocked
    HTTPS: Blocked

    Example 3:
    HTTP: Blocked
    HTTPS: Blocked



  • Boy do I feel dumb. For those of you having the same issue it is due to the URL string not being visible to the proxy. The only thing visible is the domain name as it it submitted unencrypted.


Log in to reply