LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 10-22-2009, 04:07 AM   #1
anu_here
LQ Newbie
 
Registered: Sep 2008
Posts: 8

Rep: Reputation: 0
Block https Traffic


Hello All,


I am using Squid as my Proxy. I already block http traffic using squid proxy like http://www.gmail.com
but when user go trough using https://www.gmail.com then squid is unable to block these traffic.

If it is not possible to block https traffics using squid porxy, i dont want to block the particular port 443 through iptables,because i need to connect my office web page which is using https.

Is any another way to block https://mail.google.com or https://gmail.com?

Please help

Anu
 
Old 10-22-2009, 08:30 AM   #2
mkp
Member
 
Registered: Jul 2008
Posts: 48

Rep: Reputation: 15
I'm wrong, sorry.

Last edited by mkp; 10-23-2009 at 02:48 AM.
 
Old 10-22-2009, 05:31 PM   #3
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
If you block gmail.com and/or mail.google.com they will be blocked for both HTTP and HTTPS. If you only want to allow HTTPS for your office's Web page, you could block the CONNECT method entirely for every other site. Example:
Code:
acl CONNECT method CONNECT
acl MyOffice dstdomain .myoffice.com
http_access allow MyOffice
http_access deny CONNECT

Last edited by win32sux; 10-22-2009 at 05:47 PM.
 
Old 10-23-2009, 12:04 AM   #4
anu_here
LQ Newbie
 
Registered: Sep 2008
Posts: 8

Original Poster
Rep: Reputation: 0
Hello win32sux,

Thanks for ur reply...

I have blocked mail.google.com in Squid Proxy and i type http://mail.google.com, it wont come,its blocked. But if i tried https://mail.google.com, gmail website is Openning.

I need to block the gmail website for some users. Now they are accessing this Website through https://mail.google.com.

i have add these entries in the blocked Websites list .mail.google.com, https://mail.google.com, http://mail.google.com....But gmail is opening for all users....all other http sites are blocking fine...


Any one please help me to block gmail....

Please
 
Old 10-23-2009, 01:33 AM   #5
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,269

Rep: Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028
Post your cfg file.
 
Old 10-23-2009, 02:56 AM   #6
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Quote:
Originally Posted by chrism01 View Post
Post your cfg file.
I second this request.

I suspect this might be an issue related to the order of your ACLs.
 
Old 10-24-2009, 01:03 PM   #7
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 781
Blog Entries: 8

Rep: Reputation: 157Reputation: 157
Quote:
Originally Posted by anu_here View Post
If it is not possible to block https traffics using squid porxy, i dont want to block the particular port 443 through iptables,because i need to connect my office web page which is using https.

Is any another way to block https://mail.google.com or https://gmail.com?

Please help

Anu
Firewall rules don't have to be absolute. You can add a rule to allow https traffic to/from your offic web page, then block all the rest.

You should also be able to do this with Squid.
 
Old 10-28-2009, 01:07 AM   #8
anu_here
LQ Newbie
 
Registered: Sep 2008
Posts: 8

Original Poster
Rep: Reputation: 0
Hello all, I am sending my squid configuration acl list and please tell Which Sentence i have to add to block https traffic for a particular user.


acl our_networks src 192.168.X.X/24
acl general_blocked url_regex -i "/etc/squid/general_blocked"
acl allowed_users src "/etc/squid/allow_usr_list"
acl blockfiles urlpath_regex "/etc/squid/multimedia.files.acl"
acl blocked_users src "/etc/squid/block_usr_list"
acl special_access src "/etc/squid/special_access"
acl noporn url_regex "/etc/squid/noporn"
acl porn url_regex "/etc/squid/porn1"
acl every_one url_regex -i "/etc/squid/sites_allowed_all"
acl development src "/etc/squid/devel_usr_list"
acl devel_url url_regex "/etc/squid/sites_allow_devel"
acl blocked_sites url_regex -i "/etc/squid/sites_blocked_all"


#http_access deny servers
#http_access allow WsusAccess Wsus
#http_access allow proxy
http_access allow every_one
http_access deny porn
http_access deny test
http_access deny blockfiles
http_access deny blocked_sites
http_access allow special_access
http_access allow net_allowed_users
http_access deny general_blocked
http_access allow development
http_access deny devel_url
http_access allow allowed_users
http_access deny blocked_users

http_access allow our_networks
#Deny all other access to this proxy
http_access allow localhost
http_access deny all

Last edited by anu_here; 10-28-2009 at 01:09 AM.
 
Old 10-30-2009, 03:42 AM   #9
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Quote:
Originally Posted by anu_here View Post
please tell Which Sentence i have to add to block https traffic for a particular user.
You could make an ACL with the user's IP and ban him/her from using the CONNECT method. Example:
Code:
acl CONNECT method CONNECT
acl user34 src 192.168.2.34
http_access deny user34 CONNECT
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how to block https using iptables pavangogineni Linux - Networking 12 03-12-2012 10:31 AM
how to block gmail & gtalk (https traffic)using squid satishmali1983 Linux - Server 4 06-25-2009 01:22 AM
Virus scanning in HTTPS encrypted traffic priyadarshan Linux - Security 10 05-13-2009 06:56 AM
how to block https using iptables pavangogineni Linux - Security 2 10-19-2006 12:49 AM


All times are GMT -5. The time now is 05:33 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration