Block https Traffic
Hello All,
I am using Squid as my Proxy. I already block http traffic using squid proxy like http://www.gmail.com but when user go trough using https://www.gmail.com then squid is unable to block these traffic. If it is not possible to block https traffics using squid porxy, i dont want to block the particular port 443 through iptables,because i need to connect my office web page which is using https. Is any another way to block https://mail.google.com or https://gmail.com? Please help Anu |
I'm wrong, sorry.
|
If you block gmail.com and/or mail.google.com they will be blocked for both HTTP and HTTPS. If you only want to allow HTTPS for your office's Web page, you could block the CONNECT method entirely for every other site. Example:
Code:
acl CONNECT method CONNECT |
Hello win32sux,
Thanks for ur reply... I have blocked mail.google.com in Squid Proxy and i type http://mail.google.com, it wont come,its blocked. But if i tried https://mail.google.com, gmail website is Openning. I need to block the gmail website for some users. Now they are accessing this Website through https://mail.google.com. i have add these entries in the blocked Websites list .mail.google.com, https://mail.google.com, http://mail.google.com....But gmail is opening for all users....all other http sites are blocking fine... Any one please help me to block gmail.... Please |
Post your cfg file.
|
Quote:
I suspect this might be an issue related to the order of your ACLs. |
Quote:
You should also be able to do this with Squid. |
Hello all, I am sending my squid configuration acl list and please tell Which Sentence i have to add to block https traffic for a particular user.
acl our_networks src 192.168.X.X/24 acl general_blocked url_regex -i "/etc/squid/general_blocked" acl allowed_users src "/etc/squid/allow_usr_list" acl blockfiles urlpath_regex "/etc/squid/multimedia.files.acl" acl blocked_users src "/etc/squid/block_usr_list" acl special_access src "/etc/squid/special_access" acl noporn url_regex "/etc/squid/noporn" acl porn url_regex "/etc/squid/porn1" acl every_one url_regex -i "/etc/squid/sites_allowed_all" acl development src "/etc/squid/devel_usr_list" acl devel_url url_regex "/etc/squid/sites_allow_devel" acl blocked_sites url_regex -i "/etc/squid/sites_blocked_all" #http_access deny servers #http_access allow WsusAccess Wsus #http_access allow proxy http_access allow every_one http_access deny porn http_access deny test http_access deny blockfiles http_access deny blocked_sites http_access allow special_access http_access allow net_allowed_users http_access deny general_blocked http_access allow development http_access deny devel_url http_access allow allowed_users http_access deny blocked_users http_access allow our_networks #Deny all other access to this proxy http_access allow localhost http_access deny all |
Quote:
Code:
acl CONNECT method CONNECT |
All times are GMT -5. The time now is 02:44 AM. |