On 28/09/11 04:47, Dayo wrote:
>> On Fri, 23 Sep 2011 09:32:01 +0100, Dayo Adewunmi wrote:
>>> Hi
>>>
>>> I've noticed that some sites which I deny access to with http_access deny
>>> are blocked when accessed with http://example.com but accessible
>>> through https://example.com. How do I ensure the https://example.com
>>> is also blocked?
>>
>> Depends on how you are blockign them and how yoru clients are using Squid.
>>
>> If you are using interception to get the traffic into Squid, the only
>> way to block them is to firewall port 443. Ability to view HTTPS
>> internals is one of the things you loose when intercepting.
>>
>> If the browsers are aware of the proxy and using CONNECT requests to
>> make https:// connections, then dstdomain will catch both http:// and
>> https:// forms.
>>
>> Amos
>
> My clients are using squid transparently. I've got this line in squid.conf
>
> http_port 3128 transparent
>
Then port 443 (HTTPS) is out of reach. Squid does not decode intercepted
traffic. See above.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.15 Beta testers wanted for 3.2.0.12Received on Mon Oct 03 2011 - 04:24:19 MDT
This archive was generated by hypermail 2.2.0 : Mon Oct 03 2011 - 12:00:02 MDT