On Fri, 23 Sep 2011 09:32:01 +0100, Dayo Adewunmi wrote:
> Hi
>
> I've noticed that some sites which I deny access to with http_access deny
> are blocked when accessed with http://example.com but accessible
> through https://example.com. How do I ensure the https://example.com
> is also blocked?
Depends on how you are blockign them and how yoru clients are using Squid.
If you are using interception to get the traffic into Squid, the only
way to block them is to firewall port 443. Ability to view HTTPS
internals is one of the things you loose when intercepting.
If the browsers are aware of the proxy and using CONNECT requests to
make https:// connections, then dstdomain will catch both http:// and
https:// forms.
Amos
My clients are using squid transparently. I've got this line in squid.conf
http_port 3128 transparent
And I'm blocking them like this:
I've got a file called denied.dat that contains lines of websites which
should be blocked, e.g.:
.facebook.com
.facebook.net
then back in squid.conf I have this:
acl academic01 time MTWHF 07:00-16:00
acl blocked dstdomain "/etc/squid/denied.dat"
http_access deny blocked academic01
Thanks
Dayo
Received on Tue Sep 27 2011 - 15:48:31 MDT
This archive was generated by hypermail 2.2.0 : Wed Sep 28 2011 - 12:00:03 MDT