Cannot block HTTPS websites via Transperent Proxy using SQUID-2.7.9_3-i386



  • Hello,
    I am notable to block any websites which has https via transparent Proxy.
    But when i am able to block by without using transparent  proxy.
    For e.g if I use transparent proxy, i am able to open the site by typing https://youtube.com, but same when it type it as www.youtube .com it gets blocked

    but without using transparent proxy it gets blocked both the ways.



  • That's normal.  Squid can't see inside the encrypted HTTPS tunnel to block the URL unless it's doing a Man in the Middle attack.  If you want to intercept HTTPS then you need to get your hands dirty and start fiddling with trusted certs, WPAD files, transparent proxy with client certs or manual proxy client settings.



  • acl block url_regex -i youtube
    http_access deny block



  • @KOM:

    That's normal.  Squid can't see inside the encrypted HTTPS tunnel to block the URL unless it's doing a Man in the Middle attack.  If you want to intercept HTTPS then you need to get your hands dirty and start fiddling with trusted certs, WPAD files, transparent proxy with client certs or manual proxy client settings.

    Request you to please explain.
    Now i had removed SQUID-2.7.9 and installing squid3-dev, then which squidguard version should i install ?, because after installing squid3-dev, squidguard services does not starts.



  • It's a bigger topic than I'm willing to explain here now.  Use the forum's Search feature and you will find a couple of megathreads that go into detail.

    You have to install the version of SquidGuard that is for Squid3 like it says in the Description column of the Packages page.  Try 1.4_4 pkg v.1.9.5 that says it's for Squid 3.x.



  • @KOM:

    It's a bigger topic than I'm willing to explain here now.  Use the forum's Search feature and you will find a couple of megathreads that go into detail.

    You have to install the version of SquidGuard that is for Squid3 like it says in the Description column of the Packages page.  Try 1.4_4 pkg v.1.9.5 that says it's for Squid 3.x.

    Hi,
    I had now blocked Facebook via firewall with the help of its IP address.
    But now want to block youtube too, and there are many more sites like twitter.com that works with https.
    So is there any other way to block it. I had configured Aliases and configured in firewall, but that does not helps me for blocking this sites, please see that attachment





Log in to reply