squid server how to block https:www.website.com
hi. We are running squid stable 2.6 on centos and restrictions are based on mac addresses. There is one issue that i need to find solution of and that issue is how to block https sites. There are certain websites which are blocked using http, but they can be opened by https:website address e.g social websites and porn websites. Can anybody help on this issue
|
Quote:
1) block port 443 and use Layer7 matching for SSL/TLS packets and block them and allow certain trusted IPs on this port/L7-regex rule. 2) rate limit all connection on this port/L7 and just allow trusted ips to have full bandwidth ( like google , yahoo mail , etc ) this is the recommended way. |
squid server how to block https:www.website.com
Thanks for the help.If ISI server on windows is able to block https traffic then how can there is no solution in squid for this vary problem. Actually i need to block one or two websites having https://www.website.com by simply implementing the restrications in squid configuraton.So if someone knows how to do that it will a lot of help
|
https protocol will encrypt hostname too , this is by design , until you dont have private keys you cant do MITM and decrypt the data.
check this out: http://www.howtoforge.com/how-to-blo...with-safesquid |
If your squid isn't a transparent proxy, add this to your squid.conf file:
Code:
acl SSL method CONNECT |
All times are GMT -5. The time now is 06:20 PM. |