LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-04-2009, 07:19 AM   #1
avi_tokade
LQ Newbie
 
Registered: Jan 2009
Posts: 2

Rep: Reputation: 0
How to block https sites through ACL in squid


Hi All,


Anybody know how to block HTTPS base sites. (ex. gamil.com) without blocking only 443 port. because It block all the https base site. I want to block only mail sites.

Thanks in Advance

Avin.....
 
Old 02-05-2009, 10:07 AM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 17,916

Rep: Reputation: 3689Reputation: 3689Reputation: 3689Reputation: 3689Reputation: 3689Reputation: 3689Reputation: 3689Reputation: 3689Reputation: 3689Reputation: 3689Reputation: 3689
Quote:
Originally Posted by avi_tokade View Post
Hi All,


Anybody know how to block HTTPS base sites. (ex. gamil.com) without blocking only 443 port. because It block all the https base site. I want to block only mail sites.

Thanks in Advance

Avin.....
HTTPS has nothing to do with 'mail sites'. If you block https, that's 443 by default.

There is a blacklist you can put in place in Squid, to block the sites listed in it, but there's no hard-and-fast rule to block mail sites. A 'mail site' can be called anything, and run on any port....

Best thing you can do in your situation, is to look at the access logs, and pull out a list of sites you want to block, and build your blacklist accordingly.
 
Old 02-06-2009, 01:39 AM   #3
avi_tokade
LQ Newbie
 
Registered: Jan 2009
Posts: 2

Original Poster
Rep: Reputation: 0
Question HTTPS Blocking

Quote:
Originally Posted by TB0ne View Post
HTTPS has nothing to do with 'mail sites'. If you block https, that's 443 by default.

There is a blacklist you can put in place in Squid, to block the sites listed in it, but there's no hard-and-fast rule to block mail sites. A 'mail site' can be called anything, and run on any port....

Best thing you can do in your situation, is to look at the access logs, and pull out a list of sites you want to block, and build your blacklist accordingly.

Hi,

Thanks for reply.....

I have already created my black list. Problem is that Squid only filter http base site and it is not filter https base site. I want to block some https base site like gmail, hotmail and chatting tools(gtalk, skype)

I know very well how to filter http base site but I am not able to apply my rules on https base site. I had tried to block 443 port which https use for connection but It was block all the https site. and some office application. So Can you tell me How can I block 443 port on particular domain. I am using Transparent Proxy.

Thanx
Avi.....
 
Old 02-06-2009, 03:56 AM   #4
arckane
Member
 
Registered: Sep 2005
Location: UK
Distribution: Gentoo/Debian/Ubuntu
Posts: 307

Rep: Reputation: 38
Create a block list that's regex based, that'll block anything including HTTPS:

Code:
Acl Type:	dstdom_regex

Description:    This is also an effective method as dstdomain

Usage:  	acl aclname dstdom_regex pattern

Example:        acl aclname dstdom_regex kovai

Hence this looks for the word kovai from the client domain name
 
Old 04-12-2011, 06:46 PM   #5
The Chad
LQ Newbie
 
Registered: Apr 2011
Posts: 1

Rep: Reputation: 0
I have the same problem. Did you already found out how?
 
0 members found this post helpful.
Old 04-12-2011, 06:53 PM   #6
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 17,916

Rep: Reputation: 3689Reputation: 3689Reputation: 3689Reputation: 3689Reputation: 3689Reputation: 3689Reputation: 3689Reputation: 3689Reputation: 3689Reputation: 3689Reputation: 3689
Quote:
Originally Posted by The Chad View Post
I have the same problem. Did you already found out how?
First, don't reopen old threads...this is TWO YEARS OLD. Open your own thread for your own question. And did you not read the above thread?? You can create an ACL to block sites, or use the regex based ACL that's documented in Squid.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
squid 2.6 not blocking sites even i entered ACL to block sites mohantorvalds Linux - Server 1 01-08-2009 05:17 AM
Squid acl block internet by ip address xzeppelin Linux - Newbie 5 05-28-2008 04:06 PM
Squid 2.6 not accessing https sites unixashoke Linux - Newbie 2 04-04-2008 08:52 AM
Squid and https sites 2buck56 Linux - Security 6 06-14-2007 04:06 AM
squid acl how to block all site except some mikmok Linux - Networking 1 12-22-2003 09:20 AM


All times are GMT -5. The time now is 10:41 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration