Re: [squid-users] acl for ports 443

From: Chris Robertson <crobertson@dont-contact.us>
Date: Mon, 10 Apr 2006 16:56:39 -0800

Dwayne Hottinger wrote:

>Quoting Mark Elsen <mark.elsen@gmail.com>:
>
>>>I don't want to block all ssl sites. However, for some reason any url that
>>>has https: in it doesn't go through the proxy
>>
>> - It should, in the default settings; check access.log for the failing
>>   URIs.
>> - Check cache.log for further error info, if any.
>>
>>>...
>>
>> M.
>>
>Mark,
>Thanks for the insight. But I don't see any of the above in my cache.logs or my
>access.log. I think my firewall rules are causing everything on port 443 to
>bypass my filter. I have a rule for redirecting port 80 traffic to the proxy
>server, but nothing for port 443. I'm going to explore that unless someone has
>a better idea.
>
>thanks,
>
>ddh
>
>--
>Dwayne Hottinger
>Network Administrator
>Harrisonburg City Public Schools
>
The subtle evils of intercepting proxies strike again. There is no way
to intercept https traffic (well, not without lots of warnings on the
client) because this is the very definition of a man-in-the-middle attack.

Chris
Received on Mon Apr 10 2006 - 18:56:53 MDT