Well, a non-transparent proxy is the default way Squid works, so all standard reference materials for a conventional Squid deployment will apply.
You generally need to filter HTTPS sessions by using IP blocking only. Terminating and re-encrypting HTTPS sessions can put you on *very* dodgy ground if you're trying to validate sessions such as bank sites. If you succeed and the wrong person finds out, your feet might not touch the ground on the way out of the door. You certainly need a lot more intelligence in the equation than doing it blindly. You need to inform clients what is happening and such, which Squid by itself won't handle.
Last edited by acid_kewpie; 05-02-2009 at 03:15 PM.