LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 01-27-2016, 10:08 AM   #1
pandanonomous
LQ Newbie
 
Registered: Jan 2016
Posts: 1

Rep: Reputation: Disabled
Question HTTPS Content Filtering without de-crypting traffic using squid?


Hello,

I attempting to terminate https traffic based on ACLs using ssl_bumping WITHOUT de-crypting the traffic in intercept/transparent mode. Has anyone got this to work before? I have copied my configuration and what my iptables nat rules look like.


I am using squid 3.5.13 with the following compile options:
Squid Cache: Version 3.5.12
Service Name: squid
configure options: '--prefix=/usr' '--localstatedir=/var' '--libexecdir=/lib/squid3' '--datadir=/share/squid3' '--sysconfdir=/etc/squid3' '--with-default-user=proxy' '--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid' '--with-openssl' '-enable-ssl-crtd' '--enable-icap-client' '--with-large-files' --enable-ltdl-convenience


squid.conf:
acl social dstdomain .google.com .facebook.com .reddit.com
acl step1 at_step SslBump1
acl step2 at_step SslBump2
ssl_bump stare step2 all
ssl_bump terminate social
acl localnet src 192.168.50.0/24
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access allow all
http_port 3128 transparent
https_port 3129 intercept ssl-bump cert=/etc/squid3/ssl_cert/squidSSL.pem
cache_dir ufs /cache/squid3/spool 100 16 256
access_log syslog:local5.info squid
coredump_dir /var/spool/squid3
url_rewrite_program /usr/bin/squidGuard -c /cache/config/daemons/squidguard/squidGuard.conf
url_rewrite_children 15
url_rewrite_access allow all
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_encode off
icap_client_username_header X-Authenticated-User
icap_preview_enable on
icap_preview_size 1024
icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_resp allow all


iptables -L -v -t nat(only relevant rules):
Chain PREROUTING (policy ACCEPT 1083 packets, 233K bytes)
pkts bytes target prot opt in out source destination
157 9420 DNAT tcp -- eth1 any anywhere anywhere tcp dpt:https to:192.168.11.1:3129

Chain PREROUTING-daemon-tcp (1 references)
pkts bytes target prot opt in out source destination
443 26580 DNAT tcp -- eth1 any anywhere anywhere tcp dpt:http to:192.168.11.1:3128
0 0 DNAT tcp -- eth2 any anywhere anywhere tcp dpt:http to:172.17.0.1:3128


Right now I can't get it to terminate ANY https traffic. All it does is allow it through.
Any and all help would be greatly appreciated!

~ Extremely Confused Squid User ~
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Blocking proxy bypass and porn websites through content filtering on Squid server. Satyaveer Arya Linux - Server 8 01-21-2012 02:33 AM
Content Filtering in squid sheikptcs1984 Linux - Networking 0 07-21-2009 12:44 AM
Need to know how to use Squid proxy for content filtering surangar Linux - Newbie 2 03-10-2009 03:51 AM
URGENT case. Experience on Squid content filtering needed J77 Linux - Networking 2 06-25-2006 10:14 PM
Content Filtering using Squid toraghun Red Hat 3 11-10-2005 10:42 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 01:53 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration