Hello All,


I am using Squid as my Proxy. I already block http traffic using squid proxy like http://www.gmail.com
but when user go trough using https://www.gmail.com then squid is unable to block these traffic.

If it is not possible to block https traffics using squid porxy, i dont want to block the particular port 443 through iptables,because i need to connect my office web page which is using https.

Is any another way to block https://mail.google.com or https://gmail.com?

Please help

Anu

I'm wrong, sorry.

If you block gmail.com and/or mail.google.com they will be blocked for both HTTP and HTTPS. If you only want to allow HTTPS for your office's Web page, you could block the CONNECT method entirely for every other site. Example:

Hello win32sux,

Thanks for ur reply...

I have blocked mail.google.com in Squid Proxy and i type http://mail.google.com, it wont come,its blocked. But if i tried https://mail.google.com, gmail website is Openning.

I need to block the gmail website for some users. Now they are accessing this Website through https://mail.google.com.

i have add these entries in the blocked Websites list .mail.google.com, https://mail.google.com, http://mail.google.com....But gmail is opening for all users....all other http sites are blocking fine...


Any one please help me to block gmail....

Please

Post your cfg file.

I second this request.

I suspect this might be an issue related to the order of your ACLs.

Firewall rules don't have to be absolute. You can add a rule to allow https traffic to/from your offic web page, then block all the rest.

You should also be able to do this with Squid.

Hello all, I am sending my squid configuration acl list and please tell Which Sentence i have to add to block https traffic for a particular user.


acl our_networks src 192.168.X.X/24
acl general_blocked url_regex -i "/etc/squid/general_blocked"
acl allowed_users src "/etc/squid/allow_usr_list"
acl blockfiles urlpath_regex "/etc/squid/multimedia.files.acl"
acl blocked_users src "/etc/squid/block_usr_list"
acl special_access src "/etc/squid/special_access"
acl noporn url_regex "/etc/squid/noporn"
acl porn url_regex "/etc/squid/porn1"
acl every_one url_regex -i "/etc/squid/sites_allowed_all"
acl development src "/etc/squid/devel_usr_list"
acl devel_url url_regex "/etc/squid/sites_allow_devel"
acl blocked_sites url_regex -i "/etc/squid/sites_blocked_all"


#http_access deny servers
#http_access allow WsusAccess Wsus
#http_access allow proxy
http_access allow every_one
http_access deny porn
http_access deny test
http_access deny blockfiles
http_access deny blocked_sites
http_access allow special_access
http_access allow net_allowed_users
http_access deny general_blocked
http_access allow development
http_access deny devel_url
http_access allow allowed_users
http_access deny blocked_users

http_access allow our_networks
#Deny all other access to this proxy
http_access allow localhost
http_access deny all

You could make an ACL with the user's IP and ban him/her from using the CONNECT method. Example: