Quote:
Originally Posted by aliabbass
hi. We are running squid stable 2.6 on centos and restrictions are based on mac addresses. There is one issue that i need to find solution of and that issue is how to block https sites. There are certain websites which are blocked using http, but they can be opened by https:website address e.g social websites and porn websites. Can anybody help on this issue
|
based on my knowledge you cant block https URL because the whole packet is encrypted, you could do two things:
1) block port 443 and use Layer7 matching for SSL/TLS packets and block them and allow certain trusted IPs on this port/L7-regex rule.
2) rate limit all connection on this port/L7 and just allow trusted ips to have full bandwidth ( like google , yahoo mail , etc ) this is the recommended way.