Here is a quick one:
access.log example:
1095314931.769 109912 192.168.X.X TCP_MISS/200 12387 CONNECT mbn.microsoft.com:443 - DIRECT/207.68.167.45 -
[Proxy-Connection: Keep-Alive\r\nHost: mbn.micr osoft.com:443\r\n] []
This a real example from our access.log
and in the squid.conf file:
##### CONNECT proto - allow goodsites
acl goodsslsites dstdom_regex "/tmp/ssl_sites"
http_access deny !goodsslsites goodhttps
##### Protocol restrictions
acl goodhttp proto HTTP
acl goodftp proto FTP
acl goodhttps proto CONNECT
http_access deny !goodhttp httpstand_ports
http_access deny !goodftp ftpstand_ports
http_access deny !goodhttps SSL_ports
This only allows access over HTTPS (port 443) to domains listed in the /tmp/ssl_sites file and only allows certain
protocols over certain ports.
Michael.
On Thu, 16 Sep 2004 17:20:32 -0300 (ART)
Giancarlo Boaron <gboaron@yahoo.com.br> wrote:
> Ok. That's a good idea. So, using the connect method
> is possible to register all of the HTTPS activity in
> access.log, right?
> Could you please send me some example about how to set
> up ACLs based on the CONNECT method?
>
> Thank you
> Giancarlo
>
> --- Michael Gale <michael.gale@utilitran.com>
> escreveu:
> > Hello,
> >
> > Squid can not filter the content of a HTTPS
> > connection or the URL but it can still act as a
> > proxy for HTTPS connections
> > using the CONNECT method. Using squid for this will
> > provide logging information on who is connecting to
> > what IP /
> > domain.
> >
> > This can be use full because there are a lot of
> > tunnel software on the web designed to bypass proxy
> > servers using this
> > method. For example some people may want to run MSN
> > messenger on the network which is blocked ... so
> > they install this
> > simple tunnelling software allowing them to to have
> > the MSN client make a connection over the tunnel to
> > a socks proxy
> > externally for MSN.
> >
> > We only allow HTTPS connections to a list of
> > domains.
> >
> > Michael.
> >
> > On Thu, 16 Sep 2004 16:54:48 -0300 (ART)
> > Giancarlo Boaron <gboaron@yahoo.com.br> wrote:
> >
> > > Hello!
> > > I'm planning to use squid as a transparent proxy
> > for
> > > my LAN.
> > > I now squid can't act as a transparent proxy when
> > > using the HTTPS protocol and it even registers
> > this
> > > kind of access in my access.log file.
> > > So, can I register this kind of access in my
> > > access.log file or I just have to let this
> > protocol go
> > > in and out on my iptables script (using FORWARD).
> > >
> > > Besides, what are the advantages and disadvantages
> > of
> > > using transparent proxy when concerning about
> > > security, configuration facilities, network
> > > performances, etc ??
> > >
> > > Thank you.
> > > Giancarlo
> > >
> > >
> > >
> > >
> > >
> > >
> >
> _______________________________________________________
> > > Yahoo! Messenger 6.0 - jogos, emoticons sonoros e
> > muita diversão. Instale agora!
> > > http://br.download.yahoo.com/messenger/
> > >
> > >
> > >
> > >
> >
> >
> > --
> > Michael Gale
> > Network Administrator
> > Utilitran Corporation
> >
>
>
>
>
>
> _______________________________________________________
> Yahoo! Messenger 6.0 - jogos, emoticons sonoros e muita diversão. Instale agora!
> http://br.download.yahoo.com/messenger/
>
>
>
>
-- Michael Gale Network Administrator Utilitran CorporationReceived on Thu Sep 16 2004 - 15:10:41 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Oct 01 2004 - 12:00:02 MDT