On 16.12.08 13:51, Ricardo Augusto de Souza wrote: > I AM used to block sites using: > > > acl bad_sites dstdomain "/etc/squid/bad_sites.txt" > > http_access deny bad_sites > > > > With this my users cannot access all domains listed in > "/etc/squid/bad_sites.txt" using http but they can access using https. squid does not see what's in https requests, they are enctypted. That's that the "s" means (secure): only client and server know what's inside, nobody other. you can disable CONNECT method to those hots. You may need to disable CONNECT to IP addresses. Or you may do an MITM attack and use sslbump (which means, https won't be secure anymore for your clients). Clients will detect it - they will see certificate mismatch (since you won't be able to provide anyone's certificate but yours) > How do I solve this? disable https? -- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Support bacteria - they're the only culture some people have.
