We are doing the same by the following.

1. At squid.conf :

   acl Banned_URLs url_regex -i "/etc/squid/banned_urls.txt"
   http_access allow FullTime_DnlUpl !Banned_URLs

2. At the file /etc/squid/banned_urls.txt :

   www.xxxxx.com:443

Thanks,
Niladri Mukherjee
IT Deptt.,
M.N.Dastur & Company (P) Ltd.,
3rd Floor, Kolkata, West Bengal.
Ph: 91 33 22250500/5420, Ext: 580
Fax: 91 33 22251422

"Amos Jeffries" <squid3@xxxxxxxxx o.nz>
11/08/2008 05:53 AM
To: "Ali Hardogan" <alihardogan@xxxxxxxxx>
cc: "squid-users" <squid-users@xxxxxxxxxxxxxxx>
Subject: Re: URL filtering on HTTPS (transparently)

> Hello,
>
> I'd like to filter URLs used with https, in transparent proxy mode.
>
> I understand that once the HTTPs encrypts the payload between the web
> client and the web server, there is no way to snoop the encrypted
> data without breaking/failing crypto.
> But all I need is to be able to apply blacklisted URLs to the HTTPs
> requests, and the URLs appear in the clear in HTTPS packets (no
> encryption).
>
> Is there any way to achieve that with squid?
> If not, how do people achieve filtering of blacklisted URLs on HTTPs
> traffic transparent to the PCs (no configuration on the PCs allowed)
> -- considering all the other Linux tools?

Squid 3.1 has an SSLBump feature which may be twisted to handle SSL
interception. But we have as yet had no confirmed success with that. It is
designed for standard forward-proxies, so no guarantees.

Other than that very small ray of hope, there is no capability in squid for
intercepting and decrypting of SSL traffic. What you are attempting to do
after all is a middle-man attack on your customers' security systems.

It's far better to be open and public about the proxy. Publish details and
get clients to configure it either directly or via WPAD/PAC.

Amos
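
An illustration added here, not part of the original thread: when clients are configured to use the proxy, as Amos recommends, an HTTPS request reaches it as `CONNECT host:443`, so a URL ACL such as the `host:443` entry above can match the host and port but never the path. Python's `re` stands in for Squid's regex engine, and `www.example.com` and the `/private/` rule are constructed placeholders.

```python
import re

# Constructed stand-in for /etc/squid/banned_urls.txt (one regex per line).
# "www.example.com" replaces the redacted host in the thread. Dots are
# escaped here; an unescaped "." in a regex matches any character.
BANNED_PATTERNS = [
    r"www\.example\.com:443",       # host:port form, as in the thread
    r"www\.example\.com/private/",  # path-based rule (hypothetical)
]

def proxy_visible_url(method, target):
    """Return the string an explicit proxy has available for URL matching.

    Plain HTTP: GET http://host/path -> the full absolute URL.
    HTTPS:      CONNECT host:443     -> only "host:port"; the path travels
                inside the TLS tunnel and is never seen by the proxy.
    """
    if method == "CONNECT":
        host, _, port = target.partition(":")
        return f"{host}:{port or '443'}"
    return target

def is_banned(method, target, patterns=BANNED_PATTERNS):
    """Approximate `url_regex -i`: case-insensitive, unanchored search."""
    url = proxy_visible_url(method, target)
    return any(re.search(p, url, re.IGNORECASE) for p in patterns)

# Constructed sample requests as the proxy would receive them.
SAMPLES = [
    ("CONNECT", "www.example.com:443"),                # HTTPS tunnel request
    ("CONNECT", "WWW.Example.com:443"),                # -i ignores case
    ("GET", "http://www.example.com/private/a.html"),  # plain HTTP, path visible
    ("GET", "http://www.example.com/public/"),         # no rule matches
    ("CONNECT", "other.example.org:443"),              # unrelated host
]

def evaluate(samples=SAMPLES):
    """Return (method, target, banned) for each sample request."""
    return [(m, t, is_banned(m, t)) for m, t in samples]

if __name__ == "__main__":
    for method, target, banned in evaluate():
        print(f"{'DENY ' if banned else 'allow'} {method} {target}")
```

The path-based rule blocks the plain-HTTP request but cannot affect the same site over HTTPS, which is why only host-level entries are useful for CONNECT traffic.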