Dwayne,
If you do not redirect+filter HTTPS you can never block
HTTPS-based proxies. To be able to filter HTTPS the
browsers must be configured to use Squid for HTTP and HTTPS.
Once Squid also proxies the HTTPS traffic, you may use
ufdbGuard.
ufdbGuard is a free redirector which can block HTTPS traffic by
- optionally blocking URLs with an IP address
- optionally blocking sites without a properly signed SSL certificate
- optionally blocking SSH and other tunnels that use HTTPS
- optionally using a URL database
ufdbGuard supports free URL databases and a commercial URL database.
-Marcus
dhottinger@xxxxxxxxxxxxxxxxxxxxxx wrote:
Quoting Amos Jeffries <squid3@xxxxxxxxxxxxx>:
Tarak Ranjan wrote:
Hi List;
It's really surprising for me that my proxy has been
bypassed by one of the users using the "proxybuilder"
proxy. What it's doing is that that particular PHP-based
proxy rewrites the MIME type, and that request is
going through my actual proxy server, but as that
script is rewriting the MIME type and it's encrypting
as text/html.
Overall, whatever MIME-type-based ACLs I have in my
server, it's ignoring them, and that person has
access to those blocked URLs.
Has anyone faced this kind of situation?
Yes, many have. It's an old and never-ending battle for those who are
involved.
You could try enumerating all the badness as most beginners do. You
could hand in the towel early and cease to care about your users'
wellbeing. Or you could play a bit with the serious avoiders.
Just imagine, redirecting all porn sites downloads seamlessly to
tubgirl dot com for one gross example.
Or if you have families to think of, building a kitten-net can be fun
http://ex-parrot.com/~pete/upside-down-ternet.html
Amos
--
Please use Squid 2.6.STABLE19 or 3.0.STABLE4
Just a quick question. How would you redirect those requests, if the
proxy server doesn't recognize them? Most of my users doing this are
using https sites that don't go through my proxy server. My firewall
only redirects port 80 traffic to my proxy server. If I could redirect
these people that would be great.
ddh
--
Dwayne Hottinger
Network Administrator
Harrisonburg City Public Schools
"Everything should be made as simple as possible, but not simpler."
-- Albert Einstein
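Once browsers send HTTPS through Squid as described at the top of this thread, each HTTPS request appears in the access log as a CONNECT to host:port. The following is an added example, not part of the original messages and not ufdbGuard's own code: it reviews such log lines for two of the conditions listed above (an IP address in place of a hostname, and tunnels on unexpected ports). It assumes Squid's native access.log format and a port allow-list of 443; the function names and sample lines are constructed for illustration.

```python
import ipaddress
# Constructed sample lines in Squid's native access.log format (not real traffic).
SAMPLE_LOG = """\
1204712345.123   1520 10.1.2.3 TCP_MISS/200 4512 CONNECT www.example.com:443 - DIRECT/192.0.2.10 -
1204712350.456  90211 10.1.2.7 TCP_MISS/200 881234 CONNECT 198.51.100.25:443 - DIRECT/198.51.100.25 -
1204712361.789    310 10.1.2.3 TCP_MISS/200 10432 GET http://www.example.org/index.html - DIRECT/192.0.2.20 text/html
1204712370.002  45010 10.1.2.9 TCP_MISS/200 20480 CONNECT tunnel.example.net:8443 - DIRECT/203.0.113.5 -
1204712380.000     12 10.1.2.9 TCP_DENIED/403 1400 CONNECT [2001:db8::1]:443 - NONE/- text/html
"""

def split_authority(target):
    """Split a CONNECT target 'host:port' (IPv6 as '[addr]:port') into (host, port)."""
    host, _, port = target.rpartition(":")
    if not host or not port.isdigit():
        return None
    return host.strip("[]"), int(port)

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def review_connects(log_text, allowed_ports=(443,)):
    """Return (client, target, reasons) for CONNECT requests worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[5] != "CONNECT":
            continue  # only CONNECT (HTTPS and other tunnels) is of interest here
        client, target = fields[2], fields[6]
        parsed = split_authority(target)
        if parsed is None:
            findings.append((client, target, ["unparseable target"]))
            continue
        host, port = parsed
        reasons = []
        if is_ip_literal(host):
            reasons.append("IP address instead of hostname")
        if port not in allowed_ports:
            reasons.append("port %d not in allowed list" % port)
        if reasons:
            findings.append((client, target, reasons))
    return findings

if __name__ == "__main__":
    for client, target, reasons in review_connects(SAMPLE_LOG):
        print(client, target, "; ".join(reasons))
```

This only reads what Squid has already logged; it does not inspect certificates or block anything, which is the redirector's job.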