LinuxQuestions.org

aliabbass 09-30-2011 06:44 AM

squid server how to block https:www.website.com
 
Hi. We are running Squid stable 2.6 on CentOS and restrictions are based on MAC addresses. There is one issue that I need to find a solution for, and that issue is how to block https sites. There are certain websites which are blocked using http, but they can be opened by https:website address, e.g. social websites and porn websites. Can anybody help on this issue?

ieth0 09-30-2011 07:02 AM

Based on my knowledge you can't block an https URL because the whole packet is encrypted. You could do two things:
1) Block port 443 and use Layer7 matching for SSL/TLS packets and block them, and allow certain trusted IPs on this port/L7-regex rule.
2) Rate limit all connections on this port/L7 and just allow trusted IPs to have full bandwidth (like Google, Yahoo Mail, etc.). This is the recommended way.

aliabbass 10-01-2011 02:11 AM

Thanks for the help. If ISI server on Windows is able to block https traffic, then how can there be no solution in Squid for this very problem? Actually I need to block one or two websites having https://www.website.com by simply implementing the restrictions in the Squid configuration. So if someone knows how to do that, it will be a lot of help.

ieth0 10-01-2011 03:10 AM

The https protocol will encrypt the hostname too; this is by design. As long as you don't have the private keys, you can't do MITM and decrypt the data.
Check this out:
http://www.howtoforge.com/how-to-blo...with-safesquid

ShanxT 10-01-2011 01:45 PM

If your squid isn't a transparent proxy, add this to your squid.conf file:

Code:

acl SSL method CONNECT

If your squid is a transparent proxy, there is no easy way to do it. But it can be done.
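
Added example (not part of the post above and not Squid's shipped configuration): an `acl` line only names a condition, so the CONNECT ACL has to be combined with a destination match in an `http_access deny` rule before anything is blocked. This assumes an explicitly configured (non-transparent) proxy; the ACL name `blocked_https_sites` and the domain `.website.com` are placeholders.

```conf
# Added example; the ACL name blocked_https_sites and the domain are placeholders.
#
# A browser configured to use the proxy asks for an HTTPS site with a
# plaintext request such as:
#     CONNECT www.website.com:443 HTTP/1.1
# Squid sees that hostname before the TLS handshake starts, so the
# decision needs no decryption and no private keys.

# Match tunnel requests (the ACL from the post above).
acl SSL method CONNECT

# The leading dot matches the domain itself and every subdomain.
acl blocked_https_sites dstdomain .website.com

# ACLs listed on one http_access line are ANDed: deny only CONNECT
# requests whose destination is in the blocked list.
# Place this line above any "http_access allow ..." rule that would
# match the same clients, because Squid stops at the first rule that matches.
http_access deny SSL blocked_https_sites
```

Reload the running proxy with `squid -k reconfigure` after editing. `dstdomain` matches the name in the CONNECT line; when a client connects to a bare IP address Squid tries a reverse lookup, and the rule does not match if that lookup fails.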

