Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Cannot block HTTPS websites via Transperent Proxy using SQUID-2.7.9_3-i386

    Scheduled Pinned Locked Moved Off-Topic & Non-Support Discussion
    6 Posts 3 Posters 3.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      nearones
      last edited by

      Hello,
      I am notable to block any websites which has https via transparent Proxy.
      But when i am able to block by without using transparent  proxy.
      For e.g if I use transparent proxy, i am able to open the site by typing https://youtube.com, but same when it type it as www.youtube .com it gets blocked

      but without using transparent proxy it gets blocked both the ways.

      1 Reply Last reply Reply Quote 0
      • KOMK
        KOM
        last edited by

        That's normal.  Squid can't see inside the encrypted HTTPS tunnel to block the URL unless it's doing a Man in the Middle attack.  If you want to intercept HTTPS then you need to get your hands dirty and start fiddling with trusted certs, WPAD files, transparent proxy with client certs or manual proxy client settings.

        1 Reply Last reply Reply Quote 0
        • Z
          zedn
          last edited by

          acl block url_regex -i youtube
          http_access deny block

          1 Reply Last reply Reply Quote 0
          • N
            nearones
            last edited by

            @KOM:

            That's normal.  Squid can't see inside the encrypted HTTPS tunnel to block the URL unless it's doing a Man in the Middle attack.  If you want to intercept HTTPS then you need to get your hands dirty and start fiddling with trusted certs, WPAD files, transparent proxy with client certs or manual proxy client settings.

            Request you to please explain.
            Now i had removed SQUID-2.7.9 and installing squid3-dev, then which squidguard version should i install ?, because after installing squid3-dev, squidguard services does not starts.

            1 Reply Last reply Reply Quote 0
            • KOMK
              KOM
              last edited by

              It's a bigger topic than I'm willing to explain here now.  Use the forum's Search feature and you will find a couple of megathreads that go into detail.

              You have to install the version of SquidGuard that is for Squid3 like it says in the Description column of the Packages page.  Try 1.4_4 pkg v.1.9.5 that says it's for Squid 3.x.

              1 Reply Last reply Reply Quote 0
              • N
                nearones
                last edited by

                @KOM:

                It's a bigger topic than I'm willing to explain here now.  Use the forum's Search feature and you will find a couple of megathreads that go into detail.

                You have to install the version of SquidGuard that is for Squid3 like it says in the Description column of the Packages page.  Try 1.4_4 pkg v.1.9.5 that says it's for Squid 3.x.

                Hi,
                I had now blocked Facebook via firewall with the help of its IP address.
                But now want to block youtube too, and there are many more sites like twitter.com that works with https.
                So is there any other way to block it. I had configured Aliases and configured in firewall, but that does not helps me for blocking this sites, please see that attachment

                1.jpg
                1.jpg_thumb
                2.jpg
                2.jpg_thumb

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.