I have an FC4 box that has squid and iptables running to prevent users from accessing any sites other than the ones I want them to access. I drop all requests by default. I then have this rule in place:
acl allowed_sites url_regex "/etc/squid/Allowed_Sites.txt".
In the Allowed_Sites.txt file I have the sites they are allowed to go to. This has been in place and working fine for a couple of years. The company discovered a couple of weeks ago that some of the users have figured out how to beat the restrictions.
As an example, they try to go to http://www.tricityplating.com. Squid pops up the message telling them that the site is restricted. They then change the URL to https://www.tricityplating.com and are able to go to the site. This does not work on all sites. However, it works on quite a few sites. Users being as they are, the word has started to leak out and we are seeing more sites being accessed that are not in the Allowed_Sites.txt file.
I need to block port 443 access except for the sites I want them to visit. It would be nice if I could do it with a text file like I do for the http sites. That allows the manager to edit the text file and add https sites as needed.
I tried redirecting port 443 in iptables to port 3128 like I do with port 80. That stopped all https access, including sites that were in the Allowed_Sites.txt file. I still need to give them https access to authorized sites.
I have started blocking the sites by putting DROP statements in iptables to block the sites as the company discovers them. However, this means they have to catch them going to the sites with a monitoring program (which they have). I would prefer to do it through squid if possible so that only allowed sites are accessible just like I am doing with http sites.
Any help would be appreciated.
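
The restriction the post asks for, sketched as a squid.conf fragment; this is an added example, not part of the original post. It assumes browsers are explicitly configured to use the proxy on port 3128 for HTTPS and that the firewall drops direct outbound port 443 from the LAN; the file name Allowed_HTTPS_Sites.txt is hypothetical.

```conf
# Added example, not from the original post.
# Assumptions: clients send HTTPS through this proxy as CONNECT requests
# (explicit proxy setting in the browser), and direct outbound 443 from the
# LAN is dropped at the firewall, so Squid is the only path to an HTTPS site.
# Redirecting 443 to 3128 cannot work here: the redirected traffic is a raw
# TLS handshake, not an HTTP request Squid can parse.

acl SSL_ports port 443
acl CONNECT method CONNECT

# Existing HTTP allowlist from the post.
acl allowed_sites url_regex "/etc/squid/Allowed_Sites.txt"

# Hypothetical second list, one domain per line; a leading dot such as
# ".example.com" also matches subdomains. For CONNECT, Squid sees only
# host:port rather than a full URL, so match on the destination domain
# instead of a URL regex.
acl allowed_https dstdomain "/etc/squid/Allowed_HTTPS_Sites.txt"

# Never tunnel to anything other than port 443.
http_access deny CONNECT !SSL_ports

# HTTPS: tunnel only to listed domains, refuse every other CONNECT.
http_access allow CONNECT allowed_https
http_access deny CONNECT

# HTTP: existing behaviour, default deny.
http_access allow allowed_sites
http_access deny all
```

The manager can then maintain the HTTPS list the same way as the HTTP one; Squid has to reload its configuration after the file changes.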