LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   help in blocking https (http://www.linuxquestions.org/questions/linux-security-4/help-in-blocking-https-562635/)

venki 06-18-2007 06:48 AM

help in blocking https
 
HI all,
Please help me,i am trying to block https from 2 days still there is no use.
what to do in squid.conf? http is blocking correctly.I am using IPCOP

plz help me
thks and regards
______________

win32sux 06-18-2007 12:50 PM

did you remove port 443 from your ACLs?? is the squid box doing any SNAT??

venki 06-26-2007 01:21 AM

hi,
i don't want to block all https sites only few sites.

win32sux 06-26-2007 04:05 AM

Quote:

Originally Posted by venki
i don't want to block all https sites only few sites.

It would go something like this:
Code:

acl https_port port 443
acl bad_https_sites dstdomain .microsoft.com
acl bad_https_sites dstdomain .cnn.com
acl bad_https_sites dstdomain .google.com
http_access deny https_port bad_https_sites

With this example, you should be able to use these (and any others):

http://www.microsoft.com/
http://www.cnn.com/
http://www.google.com/

But these should generate an Access Denied:

https://www.microsoft.com/
https://www.cnn.com/
https://www.google.com/

venki 06-28-2007 01:26 AM

hi win32sux,

i have put ur script in squid.conf file...still there is no use!
microsoft cnn every thing is coming!
help me

win32sux 06-28-2007 02:44 AM

Quote:

Originally Posted by venki
hi win32sux,

i have put ur script in squid.conf file...still there is no use!
microsoft cnn every thing is coming!
help me

Actually, I tested it before posting it and I confirmed it worked well, meaning it did what I thought you wanted (to block an HTTPS site without blocking its HTTP counterpart). There might be something wrong somewhere else in your squid.conf, can you post it? Use a command like this to strip comments and spaces:
Code:

cat /etc/squid/squid.conf | grep -v ^# | grep -v ^$
Also, make sure you reconfigure Squid after you make changes to the conf file.
Code:

squid -k reconfigure


All times are GMT -5. The time now is 04:17 AM.