Originally Posted by aliabbass
hi. We are running squid stable 2.6 on centos and restrictions are based on mac addresses. There is one issue that i need to find solution of and that issue is how to block https sites. There are certain websites which are blocked using http, but they can be opened by https:website address e.g social websites and porn websites. Can anybody help on this issue
based on my knowledge you cant block https URL because the whole packet is encrypted, you could do two things:
1) block port 443 and use Layer7 matching for SSL/TLS packets and block them and allow certain trusted IPs on this port/L7-regex rule.
2) rate limit all connection on this port/L7 and just allow trusted ips to have full bandwidth ( like google , yahoo mail , etc ) this is the recommended way.