help in blocking https

venki · 06-18-2007, 06:48 AM

HI all,
Please help me,i am trying to block https from 2 days still there is no use.
what to do in squid.conf? http is blocking correctly.I am using IPCOP

plz help me
thks and regards
______________

win32sux · 06-18-2007, 12:50 PM

did you remove port 443 from your ACLs?? is the squid box doing any SNAT??

venki · 06-26-2007, 01:21 AM

hi,
i don't want to block all https sites only few sites.

win32sux · 06-26-2007, 04:05 AM

Quote:

Originally Posted by venki

i don't want to block all https sites only few sites.

It would go something like this:

Code:

acl https_port port 443
acl bad_https_sites dstdomain .microsoft.com
acl bad_https_sites dstdomain .cnn.com
acl bad_https_sites dstdomain .google.com
http_access deny https_port bad_https_sites

With this example, you should be able to use these (and any others):

http://www.microsoft.com/
http://www.cnn.com/
http://www.google.com/

But these should generate an Access Denied:

https://www.microsoft.com/
https://www.cnn.com/
https://www.google.com/

venki · 06-28-2007, 01:26 AM

hi win32sux,

i have put ur script in squid.conf file...still there is no use!
microsoft cnn every thing is coming!
help me

win32sux · 06-28-2007, 02:44 AM

Quote:

Originally Posted by venki

hi win32sux,

i have put ur script in squid.conf file...still there is no use!
microsoft cnn every thing is coming!
help me

Actually, I tested it before posting it and I confirmed it worked well, meaning it did what I thought you wanted (to block an HTTPS site without blocking its HTTP counterpart). There might be something wrong somewhere else in your squid.conf, can you post it? Use a command like this to strip comments and spaces:

Code:

cat /etc/squid/squid.conf | grep -v ^# | grep -v ^$

Also, make sure you reconfigure Squid after you make changes to the conf file.

Code:

squid -k reconfigure