LinuxQuestions.org - Block https Traffic

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - Block https Traffic (https://www.linuxquestions.org/questions/linux-security-4/block-https-traffic-763655/)

Block https Traffic

Hello All,

I am using Squid as my Proxy. I already block http traffic using squid proxy like http://www.gmail.com
but when user go trough using https://www.gmail.com then squid is unable to block these traffic.

If it is not possible to block https traffics using squid porxy, i dont want to block the particular port 443 through iptables,because i need to connect my office web page which is using https.

Is any another way to block https://mail.google.com or https://gmail.com?

Please help

Anu

If you block gmail.com and/or mail.google.com they will be blocked for both HTTP and HTTPS. If you only want to allow HTTPS for your office's Web page, you could block the CONNECT method entirely for every other site. Example:

Code:

acl CONNECT method CONNECT

acl MyOffice dstdomain .myoffice.com

http_access allow MyOffice

http_access deny CONNECT

Hello win32sux,

Thanks for ur reply...

I have blocked mail.google.com in Squid Proxy and i type http://mail.google.com, it wont come,its blocked. But if i tried https://mail.google.com, gmail website is Openning.

I need to block the gmail website for some users. Now they are accessing this Website through https://mail.google.com.

i have add these entries in the blocked Websites list .mail.google.com, https://mail.google.com, http://mail.google.com....But gmail is opening for all users....all other http sites are blocking fine...

Any one please help me to block gmail....

Please

Quote:

Originally Posted by chrism01 (Post 3729448)

Post your cfg file.

I second this request.

I suspect this might be an issue related to the order of your ACLs.

Quote:

Originally Posted by anu_here (Post 3728250)

If it is not possible to block https traffics using squid porxy, i dont want to block the particular port 443 through iptables,because i need to connect my office web page which is using https.

Is any another way to block https://mail.google.com or https://gmail.com?

Please help

Anu

Firewall rules don't have to be absolute. You can add a rule to allow https traffic to/from your offic web page, then block all the rest.

You should also be able to do this with Squid.

Hello all, I am sending my squid configuration acl list and please tell Which Sentence i have to add to block https traffic for a particular user.

acl our_networks src 192.168.X.X/24
acl general_blocked url_regex -i "/etc/squid/general_blocked"
acl allowed_users src "/etc/squid/allow_usr_list"
acl blockfiles urlpath_regex "/etc/squid/multimedia.files.acl"
acl blocked_users src "/etc/squid/block_usr_list"
acl special_access src "/etc/squid/special_access"
acl noporn url_regex "/etc/squid/noporn"
acl porn url_regex "/etc/squid/porn1"
acl every_one url_regex -i "/etc/squid/sites_allowed_all"
acl development src "/etc/squid/devel_usr_list"
acl devel_url url_regex "/etc/squid/sites_allow_devel"
acl blocked_sites url_regex -i "/etc/squid/sites_blocked_all"

#http_access deny servers
#http_access allow WsusAccess Wsus
#http_access allow proxy
http_access allow every_one
http_access deny porn
http_access deny test
http_access deny blockfiles
http_access deny blocked_sites
http_access allow special_access
http_access allow net_allowed_users
http_access deny general_blocked
http_access allow development
http_access deny devel_url
http_access allow allowed_users
http_access deny blocked_users

http_access allow our_networks
#Deny all other access to this proxy
http_access allow localhost
http_access deny all

Quote:

Originally Posted by anu_here (Post 3734935)

please tell Which Sentence i have to add to block https traffic for a particular user.

You could make an ACL with the user's IP and ban him/her from using the CONNECT method. Example:

Code:

acl CONNECT method CONNECT

acl user34 src 192.168.2.34

http_access deny user34 CONNECT