Linux - Networking
This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Thank you all for your support in helping me with this issue. I have figured out that it is not possible to track https in transparent mode of squid.
For the record, it's not just Squid. This is a natural limitation of all proxy servers. Did you search LQ before starting this thread? I ask because this has been discussed here before. That said, the words "not possible" might be a bit too much, since you could always start issuing your own certificates (and get clients to accept them) in order to gain the ability to transparently proxy HTTPS traffic (MITM attack). It's a nasty/dangerous practice, but it seems to be an increasingly common one in corporate environments. Personally, I've never done it (and have no plans to), since it isn't compatible with my ethical standards.
In my case, I have been blocking facebook.com on a pfsense server through squid. Although it is working perfectly, some users have found a way out by accessing the same url with https in place of http. To solve the problem I need to block https www.facebook.com in firewall rules.
Thanks for your valuable response. This is a very old thread. One thing I would like to share is that there is no way to block https via squid when you are running it in transparent mode. If your proxy isn't in transparent mode then it is easy to do.
Tested this on squid 2.6STABLE on centos 5.5, although I don't get the usual error message of 'access denied' like when accessing http://www.facebook.com.
When I access https://www.facebook.com, it shows a "proxy server refused connection", which also indirectly does what I want it to do....
Did yours show similar behavior?
EDIT: whoops; my squid was NOT in transparent mode. That is why. ^^
Last edited by chickenjoy; 11-29-2010 at 06:23 AM.
Finally I've solved my issue. I'm able to block https as well as streaming on facebook if it is allowed. I'm running squid in transparent mode so I had to use IPtables to block facebook completely.
If anyone needs the solution let me know.
Regards
Net_Spy
Hi Net_Spy,
I am hopeless at blocking https traffic with some exceptions to allow some banking sites.
I have blocked https traffic with iptables. I am using squid dansguardian.
Please suggest to me how you can block it.
Please reply to me on my personal mail id: kaustuvabedant@gmail.com
Thanks and regards
Kaustuva
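The approach discussed in these posts (filter forwarded HTTPS by destination with iptables, with exceptions for a few sites), as an added example that is not from any poster in this thread. It assumes the gateway forwards client traffic, a LAN interface named `eth1`, and a hypothetical chain name `HTTPS_FILTER`; the addresses are constructed placeholders from documentation ranges. It prints the rules for review instead of applying them.

```shell
#!/bin/sh
# Added example: emit (not apply) iptables rules that refuse forwarded HTTPS
# except to an allowlist of destination addresses. All addresses below are
# constructed placeholders (RFC 5737 ranges), not real site addresses.

ALLOWED_HTTPS="
198.51.100.10      # hypothetical banking site
203.0.113.0/28     # hypothetical payment gateway range
not-an-address     # constructed bad entry, skipped by validation
"

# Syntactic check only: dotted-quad IPv4 with an optional /0-32 prefix.
is_ipv4_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# Print the rule set for LAN interface $1 using allowlist text $2.
https_allowlist_rules() {
    lan_if=$1
    echo "iptables -N HTTPS_FILTER"
    printf '%s\n' "$2" | sed 's/#.*//' | while read -r dest rest; do
        if [ -z "$dest" ]; then
            continue
        elif is_ipv4_cidr "$dest"; then
            echo "iptables -A HTTPS_FILTER -d $dest -j ACCEPT"
        else
            echo "# skipped invalid entry: $dest" >&2
        fi
    done
    # Anything not allowlisted gets a TCP reset, so browsers fail fast
    # instead of hanging until a timeout.
    echo "iptables -A HTTPS_FILTER -p tcp -j REJECT --reject-with tcp-reset"
    # Only forwarded TCP/443 arriving from the LAN side enters the chain.
    echo "iptables -I FORWARD -i $lan_if -p tcp --dport 443 -j HTTPS_FILTER"
}

https_allowlist_rules eth1 "$ALLOWED_HTTPS"
```

The rules match on destination address, not hostname, so the allowlist has to be refreshed whenever an allowed site's addresses change.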
Hi Kaustuva,
I also need to resolve this problem. I use squid in transparent mode. I have read about iptables. Have you resolved your problems?
P.S.: If anyone has found the solution contact me at gibbybia@hotmail.com (sorry for the e-mail)
This is a very old thread, but I'm glad that it is useful to people who seek the solution to block https. I will get back to you with the solution if you provide some details.
Regards
Net_Spy
Hi Net_Spy, Kaustuva and I are very happy to read your words.
I'll tell you all you need. I use squid in transparent mode, the version is 2.7stable 9 (on Ubuntu) with squidGuard. If I put the proxy settings in the browser, https doesn't function, but you know that is not a solution: first because the user can change the settings manually (especially on a Win client, by editing some key), second because they can use programs like ultrasurf and they resolve https links..... I can deny all https connections, but I need it for banking and other utilities, so I need to apply the filter only on this connection, or redirect https to http... Tell me, my friend Net_Spy, the solution that you have found :-)
Hi Kaustuva,
I also need to resolve this problem. I use squid in transparent mode. I have read about iptables. Have you resolved your problems?
P.S.: If anyone has found the solution contact me at (sorry for the e-mail)
...and....
Quote:
Originally Posted by kaustuva
I am hopeless at blocking https traffic with some exceptions to allow some banking sites. I have blocked https traffic with iptables. I am using squid dansguardian. Please suggest to me how you can block it. Please reply to me on my personal mail id
You both re-opened a thread that was closed for TWO YEARS, and which was originally older than that, which isn't a good thing to do; post your own thread for your own questions. Second, this isn't the place to come for personalized, one-on-one email tech support. This is a COMMUNITY forum...if you don't participate here, then you need to PAY someone to spoon-feed you the answers to your email or give them to you over the phone.
As net_spy was told in this thread (and the OTHER thread opened with the same question), there are ways to perform some functions with https, but again you need to THINK about what https IS, and why a proxy server won't work for it. The suggestions in this thread are valid...follow them.
That blocks an Ads Video who is played before the Clip come.
thanks!!!
(sorry i have to please the url with %)
Read the LQ Rules...you have re-opened a THREE YEAR OLD THREAD, to post your own question...which was closed for TWO YEARS before the last couple of folks re-opened it.
They both *CLAIM* to have a 'solution', but (not surprisingly), haven't ever posted it, because it doesn't exist. Check the previous responses/links in this very thread, for why this won't work.