Thanks Hendrik.
I tried with both types for blocking https://gmail.com.
My conf is
acl gmail1 url_regex gmail.com mail.google.com
and
acl gmail dstdomain gmail.com mail.google.com
http_access deny gmail gmail1
Now https://gmail.com is blocking..
But all other https sites not working..
Error in browser.
while retrieving the url (disply ip address).
protocol error..
In access.log
only one https request goes..
GET https://gmail.com
Regards
Vivek
On ons, 2008-10-15 at 10:23 -0400, viveksnv@xxxxxx wrote:
My configuration is...
http_port 0.0.0.0:3128 transparent
https_port 0.0.0.0:3129 transparent
cert=/usr/local/squid-test/CA/servercert.pem
key=/usr/local/squid-test/CA/serverkey.pem
Iptable rules are:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
--to-port 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT
--to-port 3129
In cache.log
Accepting transparently proxied HTTP connections at 0.0.0.0, port
3128,
FD 12.
Accepting HTTPS connections at 0.0.0.0, port 3129, FD 13
In access.log while accessing https://gmail.com
TCP_MISS/200 2213 CONNECT gmail.com:443
This is not a transparently intercepted https request. This browser is
configured to use the proxy.
The https_port method will only work for transparently intercepted
requests, not when the browser is configured to use the proxy.
For this to work when the browser is configured to use the proxy you
need the sslbump feature available in the upcoming 3.1 release.
But problem is now gmail not blocked...
In http://gmail.com requests...it's blocked..
CONNECT requests is subject to the same http_access rules as http
access. If GET http://gmail.com is blocked but CONNECT gmail.com:443 is
not then check your access rules. A guess without seeing your ruleset is
that you are using url_regex instead of dstdomain type acls..
Regards
Henrik
________________________________________________________________________
You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
