LinuxQuestions.org
Old 10-11-2017, 03:03 PM   #1
scheffer
LQ Newbie
 
Registered: Oct 2017
Posts: 2

Rep: Reputation: Disabled
Question https blocking with squid3 3.4.8


Hello,
I am using squid3 (3.4.8) to block several websites for several times - so far so good.
Unfortunately I am not able to block any https website.

-----
http_port 3128

acl localnet src 192.168.21.0/24 # RFC 1918 possible internal network
#acl localnet src fc00::/7 # RFC 4193 local private network range
#acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443 # https
acl SSL_ports port 49300 # FRITZ-BOX
acl SSL_ports port 2818 # Apple siri
acl SSL_ports port 32400 # https Datengrab

acl Safe_ports port 81 # Webpage Webcams REOLINK

acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

acl CONNECT method CONNECT

# Recommended minimum Access Permission configuration:
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
#http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# When is Internet NOT allowed ...
acl internet_deny01 time MTWHFAS 00:00-08:30
acl internet_deny02 time MTWHFAS 22:00-23:59
acl internet_deny03 time MTWHFAS 00:00-23:59
# ... applies ONLY to BLOCKSITES!
acl blocksites dstdomain "/etc/squid3/blocksites.conf"

# Which clients are affected
acl iPhone src 192.168.21.52

# iPhone
#http_access deny internet_deny01 blocksites iPhone
#http_access deny internet_deny02 blocksites iPhone
http_access deny internet_deny03 blocksites iPhone
deny_info ERR_CUSTOM_DENIED iPhone

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all
-----


Have tried:
http_reply_access deny internet_deny03 blocksites iPhone
http_access deny CONNECT internet_deny03 blocksites iPhone

But this does not work.

Any hint is welcome.
 
Old 10-13-2017, 06:02 AM   #2
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Slarm64 & Android
Posts: 15,964

Rep: Reputation: 2272
This page has 325 views and no replies which tells you:
"If I was you, I wouldn't start from here at all!"

Why not use a firewall like iptables to do a firewall's job?
I thought squid was for maximising throughput, not minimising it.
 
Old 10-13-2017, 06:45 AM   #3
scheffer
LQ Newbie
 
Registered: Oct 2017
Posts: 2

Original Poster
Rep: Reputation: Disabled
Thanks for your answer.

I agree that I can do this with iptables, but my intention was to block i.e. http://www.domain.de and https://www.domain.de in "one shot" with squid. It seems that is not so simple.

Additionally, I am using squid not for caching, only for reporting (together with sarg and lightsquid) which client is accessing which website (including volume).

Last edited by scheffer; 10-13-2017 at 06:49 AM.
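
Added example (not part of any post in this thread, and not Squid's own code): a simplified Python model of first-match http_access evaluation over the rules posted in #1, showing what the proxy sees for an HTTP request versus an HTTPS CONNECT for the same site. Assumptions: the blocklist file contains `.domain.de` (its real contents are not shown; the name is the placeholder from post #3), and the client is explicitly configured to use the proxy, so HTTPS arrives as a CONNECT request.

```python
# Added example: simplified model of Squid's first-match http_access evaluation.
from ipaddress import ip_address, ip_network

BLOCKSITES = [".domain.de"]  # assumed content of /etc/squid3/blocksites.conf

def dstdomain_match(host, patterns):
    """dstdomain semantics: a leading dot matches the domain and its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == p[1:] or host.endswith(p) if p.startswith(".") else host == p
               for p in patterns)

def parse_request_line(line):
    """Return (method, host, port) as the proxy sees them."""
    method, target, _version = line.split()
    if method == "CONNECT":            # HTTPS through a proxy: "CONNECT host:port"
        host, port = target.rsplit(":", 1)
        return method, host, int(port)
    authority = target.split("://", 1)[1].split("/", 1)[0]  # plain HTTP: absolute URL
    host, _, port = authority.partition(":")
    return method, host, int(port or 80)

SAFE = {80, 81, 21, 443, 70, 210, 280, 488, 591, 777}
ACLS = {
    "Safe_ports": lambda r: r["port"] in SAFE or 1025 <= r["port"] <= 65535,
    "SSL_ports": lambda r: r["port"] in {443, 49300, 2818, 32400},
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "internet_deny03": lambda r: True,  # all days, 00:00-23:59: modelled as always
    "blocksites": lambda r: dstdomain_match(r["host"], BLOCKSITES),
    "iPhone": lambda r: r["src"] == "192.168.21.52",
    "localnet": lambda r: ip_address(r["src"]) in ip_network("192.168.21.0/24"),
    "all": lambda r: True,
}
# http_access lines in the order posted (manager/localhost lines left out).
RULES = [
    ("deny", ["!Safe_ports"]),
    ("deny", ["CONNECT", "!SSL_ports"]),
    ("deny", ["internet_deny03", "blocksites", "iPhone"]),
    ("allow", ["localnet"]),
    ("deny", ["all"]),
]

def decide(src, request_line):
    """ACLs on one line are ANDed; the first line that matches decides."""
    method, host, port = parse_request_line(request_line)
    req = {"src": src, "method": method, "host": host, "port": port}
    for action, names in RULES:
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action
    return "deny"
```

The model only covers requests that actually reach the proxy on port 3128; HTTPS traffic that goes out directly never hits these rules.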
 
  


All times are GMT -5. The time now is 05:25 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration