[SOLVED] Plugin for squid to control https access?
I am using squid 2.6 stable on CentOS5.4 for proxy requirements. It is working in transparent mode. Can not remove it from transparent mode as it is difficult to go and configure every browser on every client for proxy settings. And it does a good job.
But one down side of using a transparent proxy is that it can not intercept https requests.
So even if I block some sites, they would be accessible through https. For example, I have gmail blocked but if it is visited through https explicitly, it would just pass through.
But I would like to hear from you members if someone knows any plugin or extension for squid that will add this functionality for controlling https access.
PS: I can not redirect 443 requests to 3128 or 80 port. This will block all the https requests. I do not want this as all the banks use https for online payments and all.
Oh yes, I am actually using Dans in one of my sites. So it should be easier for me to change to Dans with little effort. Let me see if this works. The homepage says it is able to filter https URLs.
Quote:
# The URL filtering is able to filter https requests.
I hope this works for me. I will, though, have to change some of my iptables rules as well. Will have to remove DNAT and use masquerading.
Now that. Have used dansguardian and it is running fine in one of my sites. But it is just not working here at my office. The rules for iptables are the same at both the sites and still here it just does not.
I changed the rules to start the internet access and it did but squid now does not log the requests.
Do not know why. Have searched the google to find out that there are a lot of people who have this issue but none have the solution. I am trying to find it out.
I guess there is something to do with the rules that contain MASQUERADE and REDIRECT options. Earlier I was using DNAT.
These are the two rules that I am using right now for the transparent proxying.
I guess there is something to do with these rules that either there is no internet or squid just does not log the requests. I would like squid and dans both to do the logging of requests.
Dansguardian is making me mad. The firewall rules for transparent proxy that are working for me at one server are not working at other one.
If I change the MASQ and redirection rules, they do work but the squid does not log the entries. I have tried all that I can think of. Now it is time for me to pull my hair.
Ok, I thought it would be easier for me to integrate Dans with my existing proxy setup for I have done this before successfully. But as fate is, it was not to be.
Either the squid logs the requests or dansguardian. So I guess when squid is doing the logging, dans is not working at all.
If I remove the second rule for MASQUERADING from my earlier post, squid will log the requests. I am guessing, dans stops working completely.
And if I keep both the rules, squid stops logging the requests. But it is working though.
I have the same rule set working at my other site, so I am hoping that firewall is not completely wrong.
This was what was required. Iptables rules were all fine.
Not marking it solved as yet as I do not know if dansguardian blocks https requests. When I confirm that will mark it as solved.
Thanks to centosboy for helping.
Last edited by linuxlover.chaitanya; 11-28-2009 at 01:06 AM.