On Wed, 2008-11-05 at 17:57 +0530, sohan krishi wrote:

> My configuration is Ubuntu-iptables-squid2.6/Transparent Proxy. I
> block gmail to all employees in my company. My problem is, squid does
> not block https://gmail.com. And does not even log https://gmail.com !
> I didn't know this until I've seen one of our employees browsing gmail!

It's because https is encrypted on port 443.

> I did add this to my iptables : #iptables -t nat -A PREROUTING -i eth1
> -p tcp --dport 443 -j DNAT --to eth0:3128 but get this message in
> access.log : error:unsupported-request-method

It's because https is encrypted. It sort of works if you redirect it to an https_port, but probably not what you want as it breaks many things.

The proper solution to all this is to use proxy settings. It's fairly easy to roll out proxy settings company wide using group policies or login scripts or even auto discovery using WPAD, and then use interception and firewalling only as a backup method for those who for some reason did not get the proxy settings.

> Can anyone please help me how to block gmail. I want to block
> gmail/gtalk to all IPs except couple of IPs.

You'll have to block port 443 traffic to all addresses used by google servers almost..

Regards
Henrik
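A proxy auto-config file of the kind WPAD hands to browsers, added here as an illustration and not part of the original message. The proxy host name, port and intranet suffix are placeholders. With settings like these the browser sends `CONNECT mail.google.com:443` to Squid for HTTPS sites, so the host name is visible to the proxy's ACLs and to access.log even though the payload stays encrypted.

```javascript
// wpad.dat / proxy.pac (constructed example; all names below are placeholders)
var PROXY = "PROXY proxy.example.internal:3128";   // assumed Squid http_port
var INTERNAL_SUFFIXES = [".example.internal"];     // assumed intranet domain

// True for hosts that should bypass the proxy: unqualified names,
// loopback, and anything under an internal suffix.
function isInternal(host) {
  host = host.toLowerCase();
  if (host.indexOf(".") === -1) return true;       // "intranet", "localhost"
  if (host === "127.0.0.1") return true;
  for (var i = 0; i < INTERNAL_SUFFIXES.length; i++) {
    var s = INTERNAL_SUFFIXES[i];
    if (host === s.slice(1)) return true;          // the bare domain itself
    // Match on the leading dot so "notexample.internal" is not treated
    // as part of "example.internal".
    if (host.length > s.length && host.slice(-s.length) === s) return true;
  }
  return false;
}

// Entry point called by the browser for every request, http and https alike.
function FindProxyForURL(url, host) {
  if (isInternal(host)) return "DIRECT";
  // No "; DIRECT" fallback: if the proxy is unreachable the request fails
  // instead of silently going around the filtering policy.
  return PROXY;
}
```

The per-client exceptions belong on the proxy (source-address ACLs), not in this file, since a PAC file is evaluated on the client. Clients that ignore it are the case the firewall backstop in the message covers.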