Transparent mode doesn't apply to HTTPS.

You already confirmed to us that your clients are NOT using Squid for HTTPS when you posted this:

Thank you all for your support to helping me on this issue. since I fingure out ,it is not possible to track https in transparent mode of squid .


Regards
Net_Spy

For the record, it's not just Squid. This is a natural limitation of all proxy servers. Did you search LQ before starting this thread? I ask because this has been discussed here before. That said, the words "not possible" might be a bit too much, since you could always start issuing your own certificates (and get clients to accept them) in order to gain the ability to transparently proxy HTTPS traffic (MITM attack). It's a nasty/dangerous practice, but it seems to be an increasingly common one in corporate environments. Personally, I've never done it (and have no plans to), since it isn't compatible with my ethical standards.

Thanks win32sux well I'm not going to do that , it isn't a good idea . well If I found any reliable solution I will add it in this thread .

Regards
Net_Spy

In my case, I been blocking facebook.com in pfsense server through squid. Although it is working perfectly , some users have found a way out by accessing the same url with https in place of http. To solve the problem I need to block https www.facebook.com in firewall rules.

Please click my simple tutorial on how to block https www.facebook.com

Thanks for your valueable response. This is very old thread . One thing I would like to share is that there is not a way to block https via squid when you are running it in transparent mode . if your proxy isnt in transparent mode then there is easy to go with .

Regards
Net_Spy

@Net_Spy

Tested this on squid 2.6STABLE on centos 5.5 and although I don't get the usual error message of 'access denied' like when accessing http://www.facebook.com.

when I access https://www.facebook.com; it shows a "proxy server refused connection" which also indirectly does what I want it to do....

did yours show similar behavior?

EDIT: whops; my squid was NOT in transparent mode. that is why. ^^

1 members found this post helpful.

Finally Ive solved my issue Im able to block https as well as streaming on facebook if it is allow . Im running squid in transparent mode so I had to use IPtables to block facebook completely .

If any one needs the solution let me know.

Regards
Net_Spy

1 members found this post helpful.

Hi Net_Spy,

I am hopeless to block https traffic with some exception to allow some banking site.
I have blocked https traffic with iptables. I am using squid dansguardian.
Please suggest me, how you can block it.
Please replay me on my personal mail id: kaustuvabedant@gmail.com

Thanks and regards
Kaustuva

1 members found this post helpful.

Hi Kaustuva ,
I also need to resolve this problem , i use squid in transparent mode..i have read about iptables , you have resolved your problems ?

P.S.:If anyone have found the solution contact me at gibbybia@hotmail.com ( sorry for the e-mail )

@Jambaz ,

This is very old thread , but yet I'm glad that it is useful to people who seeks the solution to block https . I will get back to you with solution. if you provide some details.


Retards
Net_Spy

1 members found this post helpful.

Hi Net_Spy , me and Kaustuva are very happy to read your words ,
I tell you all you need , i use squid in transparent mode , the version is the 2.7stable 9 ( on Ubuntu ) with squidGuard , the https if i put the settings in the browser the https don't function , but you know that is not a solution , first because the user can set the settings manually ( especially on Win client , edit some key ) , second because they can use some programs like ultrasurf and they resolve https links.....i can denied all https connections , but i need that for banking and other utilietis and so i need only to apply the filter on this connection , or redirecting the https on http...tell me my friend Net_Spy the solution that you have found :-)

Regards

...and....
You both re-opened a thread that was closed for TWO YEARS, and which was originally older than that, which isn't a good thing to do; post your own thread for your own questions. Second, this isn't the place to come for personalized, one-on-one email tech support. This is a COMMUNITY forum...if you don't participate here, then you need to PAY someone to spoon-feed you the answers to your email or give them to you over the phone.

As net_spy was told in this thread (and the OTHER thread opened with the same question), there are ways to perform some functions with https, but again you need to THINK about what https IS, and why a proxy server won't work for it. The suggestions in this thread are valid...follow them.

May want to read the UPDATED thread: http://www.linuxquestions.org/questi...curity-930878/

Hey i use "SQUID 2.7.STABLE8" under windows for several reasons.
the Domain Blocking from the example here work.

But how to block an SSL URL? like:
That blocks an Ads Video who is played before the Clip come.
thanks!!!


(sorry i have to please the url with %)

Read the LQ Rules...you have re-opened a THREE YEAR OLD THREAD, to post your own question...which was closed for TWO YEARS before the last couple of folks re-opened it.

They both *CLAIM* to have a 'solution', but (not surprisingly), haven't ever posted it, because it doesn't exist. Check the previous responses/links in this very thread, for why this won't work.