LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Reload this Page Dansguardian Squid and HTTPS
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 04-06-2010, 11:37 AM   #1
viper3two
LQ Newbie
 
Registered: Feb 2010
Posts: 29

Rep: Reputation: 15
Dansguardian Squid and HTTPS

Hi
Thanks to folks on this board, I have set up a transparent proxy server with 2 nics. It is just a passthrough box istening for port 80 requests. I have Ubuntu 9.10 and Dansguardian, Squid and Webmin interface. It works great so far with no issues.
One big big thing that I ran into though, is https sites. I know that https is port 443, http is 80. Is there a way that I can block https sites also using Dansguardian and Squid?

Thanks for the help
 
Old 04-06-2010, 01:14 PM   #2
hi2arun
Member
 
Registered: Apr 2010
Distribution: Fedora
Posts: 109
Blog Entries: 4

Rep: Reputation: 34
Well, I dunno much about Dansguardian. To block HTTPS, isn't it straight forward to add an ACL to drop all TCP DST port 443?

If you are redirecting all ports to Squid or if Squid is configured as proxy in users' machines, then disable CONNECT to port 443 in Squid configuration. This should do.

Squid conf to stop HTTPS:
Quote:
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT SSL_ports
 
Old 04-06-2010, 01:49 PM   #3
viper3two
LQ Newbie
 
Registered: Feb 2010
Posts: 29

Original Poster
Rep: Reputation: 15
The way I have it set up is in bridged mode, passthrough box, one nic in, one nic out, then that out nic goes to the router.

So if I add that to squid to STOP https, would it not stop all https requests, or would it direct to squid?

I am trying to find a way that I could just add....for instance....https://us.etrade.com or something to the dansguardian list to block it.

I assume that since squid-dans is listening to port 80 only, it is not seeing that port 443 request.

Is there a way to have squid-dans check https requests?

Thanks
Last edited by viper3two; 04-07-2010 at 11:16 AM.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Squid+DansGuardian not working properly. squid blocking sites that should be linuxlover.chaitanya Linux - Server 13 11-10-2014 10:34 AM
[SOLVED] Dansguardian not blocking https pages. linuxlover.chaitanya Linux - Server 21 11-07-2010 11:09 PM
dansguardian and https dcordina Linux - Networking 0 04-10-2009 05:24 PM
Preventing DansGuardian Bypass via HTTPS Proxies win32sux Linux - Security 16 08-19-2008 03:08 PM
scan https through dansguardian, clamav and squid hassan2 Ubuntu 1 03-13-2008 03:23 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 08:17 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration