
Re: squid discussion


 



Anil Saini wrote:
thanks sir
i think i can control it somehow through this.... good one

but i didn't understand one question.. i asked you that

example
when i write: http:\\example.com\cgi-bin\index.cgi
it is blocked...
but when i write the same thing like
https:\\example.com\cgi-bin\index.cgi
it opens up
here the pattern that i want to block is cgi-bin/index.cgi

thanks once again

Well, are you terminating the SSL request at squid and re-sending a new request out? Or is the app tunneling it over plain-HTTP inside a CONNECT?

Because when HTTP gets tunnelled, squid never sees anything except the host:port or ip:port. The rest of the URI is encrypted inside the SSL and most versions of squid can't see that.

There are tricks with https_port and 3.1 has sslbump ports to do more with HTTPS. (Don't ask me for specifics, that's all I know)

Amos



On Fri, Apr 11, 2008 at 5:55 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:

    Anil Saini wrote:

        i observed accessing through these addresses on port 443
        when i open these addresses nothing opens...i think they are some
        anonymous addresses using tunnelling..

        1207766913.219 695575 172.16.4.80 TCP_MISS/200 267712 CONNECT 82.94.251.204:443 - DIRECT/82.94.251.204 -
        1207768700.577   7319 172.16.4.80 TCP_MISS/200 2807 CONNECT 85.25.141.145:443 - DIRECT/85.25.141.145 -


    It's usually what a lot of P2P applications do when they are forced
    to go through a proxy (I see a lot of these due to students with
    LimeWire).

    BUT, that's also just how some types of software send HTTPS requests,
    so outlawing it altogether can cause problems.

    The good-guys software usually sends a domain (i.e. example.com:443).

    You block raw-IPs in CONNECT requests like so:

     acl CONNECT method CONNECT
     acl rawIP url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
     http_access deny CONNECT rawIP

    (PS, I'm sure others can probably give you a more efficient regex here).

    NP:  If those "172.16.4.80" are external people
    connecting you have a serious open-proxy security problem.


    Amos
-- Please use Squid 2.6.STABLE19 or 3.0.STABLE4




--
Anil Saini
M.E. - Software Systems
B.E. - Electronics and Communication

Project Assistant
CISCO LAB
Information Processing Center Unit
BITS-PILANI


--
Please use Squid 2.6.STABLE19 or 3.0.STABLE4
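The two points made in this thread, that a CONNECT tunnel only exposes host:port to squid (so a url_regex on a path such as cgi-bin/index.cgi can never match an HTTPS request) and that the `rawIP` ACL catches CONNECTs to bare IPv4 addresses, can be checked against access.log offline. The script below is an added example, not code from Amos or from the Squid project. The log sample is constructed in squid's native format after the lines quoted above (the hostname CONNECT and the plain-HTTP GET are invented for comparison), the `rawIP` regex is the one from the thread, and the `cgi-bin/index\.cgi` url_regex is a hypothetical stand-in for the rule the original poster wanted.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in squid's native access.log layout, modelled on the
# lines quoted in the thread. Lines 3 and 4 are invented to show a hostname
# CONNECT and a plain-HTTP GET next to the raw-IP tunnels.
SAMPLE_LOG = """\
1207766913.219 695575 172.16.4.80 TCP_MISS/200 267712 CONNECT 82.94.251.204:443 - DIRECT/82.94.251.204 -
1207768700.577   7319 172.16.4.80 TCP_MISS/200 2807 CONNECT 85.25.141.145:443 - DIRECT/85.25.141.145 -
1207768711.101    212 172.16.4.81 TCP_MISS/200 5120 CONNECT www.example.com:443 - DIRECT/192.0.2.10 -
1207768720.450    143 172.16.4.82 TCP_MISS/200 1820 GET http://example.com/cgi-bin/index.cgi - DIRECT/192.0.2.10 text/html
"""

# The url_regex from the "rawIP" ACL in the thread, reused verbatim.
RAW_IP_RE = re.compile(r"^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+")
# Hypothetical url_regex for the path the original poster wanted to block.
CGI_RE = re.compile(r"cgi-bin/index\.cgi")


@dataclass
class Entry:
    timestamp: str
    client: str
    method: str
    url: str


def parse_native_log(text: str) -> List[Entry]:
    """Parse native-format lines: time elapsed client code/status bytes method url ..."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # blank or truncated line
        entries.append(Entry(timestamp=fields[0], client=fields[2],
                             method=fields[5], url=fields[6]))
    return entries


def path_visible_to_proxy(e: Entry) -> bool:
    """A CONNECT request carries only host:port; the real request, path
    included, travels encrypted inside the tunnel and squid never sees it."""
    return e.method != "CONNECT"


def cgi_rule_matches(e: Entry) -> bool:
    """Would the hypothetical 'cgi-bin/index.cgi' url_regex match this entry?
    For CONNECT entries the URL field is host:port, so it cannot."""
    return CGI_RE.search(e.url) is not None


def raw_ip_connect_denied(e: Entry) -> bool:
    """Mirror 'http_access deny CONNECT rawIP' from the thread."""
    return e.method == "CONNECT" and RAW_IP_RE.match(e.url) is not None


def flag_raw_ip_tunnels(text: str) -> List[str]:
    """Return 'client -> url' for every CONNECT to a bare IPv4 address,
    the pattern Amos associates with P2P clients forced through a proxy."""
    return [f"{e.client} -> {e.url}" for e in parse_native_log(text)
            if raw_ip_connect_denied(e)]


if __name__ == "__main__":
    for e in parse_native_log(SAMPLE_LOG):
        print(f"{e.method:8} {e.url:40} path visible: {path_visible_to_proxy(e)!s:5} "
              f"cgi rule: {cgi_rule_matches(e)!s:5} rawIP deny: {raw_ip_connect_denied(e)}")
    print("raw-IP tunnels:", flag_raw_ip_tunnels(SAMPLE_LOG))
```

Running it over the sample shows the cgi rule firing only on the plain-HTTP GET, while the two CONNECTs to bare IPs are the only entries the `rawIP` ACL would deny; the CONNECT to `www.example.com:443` passes, which is exactly the distinction Amos draws between P2P-style tunnels and ordinary HTTPS clients that send a domain.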
