how to block gmail & gtalk (https traffic)using squid

satishmali1983 · 06-22-2009, 07:02 AM

Hi
I am using Mandriva 2008.0 Edition. I want to block gmail & gtalk using squid proxy server.

I already block http traffic using squid proxy like http://www.gmail.com
but when user go trough using https://www.gmail.com then squid is unable to block these traffic.
Another problem is that i want to give access to gmail & gtalk from some special user's but block to rest of all others.
Please help me to sort out these problem

If it is not possible to block https traffics using squid porxy, please suggest me how to write iptable rules to block gmail & gtalk.

i am using "Firestarter" as firewall but it doesn't provide option to block
ip address.

fpmurphy · 06-22-2009, 07:11 AM

Rather than trying to block access in Squid, I would do all this type of stuff in iptables i.e.

Code:

iptables -A INPUT -s gmail.com -j DROP
iptables -A OUTPUT -d gmail.com -j DROP

vap16oct1984 · 06-23-2009, 06:30 AM

Its not goona work if u use iptables as it blocks for every user. Here the condition is different client want to block gmail or gtalk for some users only not for all.

Use acl in squid. u can do it easily there

satishmali1983 · 06-24-2009, 01:10 AM

Quote:

Originally Posted by vap16oct1984

Its not goona work if u use iptables as it blocks for every user. Here the condition is different client want to block gmail or gtalk for some users only not for all.

Use acl in squid. u can do it easily there

Thanks for your reply
But there is one problem with squid is unable to block https traffic, http traffic is blocked successfully & working fine. But for ex. if try to access https://www.gmail.com then user can access it.
If i try to block 443(https) port then all the secured site will block.

vap16oct1984 · 06-25-2009, 01:22 AM

hey why are u tying to block port 443 i u do this then all ur security port will blocked. So dont do this

just block the site not port.

https://mail.google.com/mail/