
Re: How to allow one specific SSL-Site


> > Stephan wrote:
> >> Environment: squid/2.7.STABLE5 on win32.
> >> Auth against Windows ActiveDirectory with mswin_auth.exe
> >>
> >> I want to allow one https-URL for all network users.
> >> So I have added this ruleset:
> >>
> >> acl erlaubthttps dstdomain .domain.tld (where domain.tld is the URL I
> >> want to allow)
> >> http_access allow erlaubthttps

You must allow the CONNECT method to .domain.tld, since proxying https means
using CONNECT requests.

> >> When I try to open this site I'll get the Username/Password prompt from
> >> squid.
> >>
> >> When I test it with normal http-Sites my rule is correct but with https
> >> it won't work.

> On Fri, 20 Mar 2009 09:55:51 -0800, Chris Robertson <crobertson@xxxxxxx>
> wrote:
> > Other http_access rules are interfering?
> > You aren't using the cache for HTTPS requests?

On 23.03.09 08:01, Stephan wrote:
> I don't think that I don't cache HTTPS requests.

The only way https can be cached is to use a fake certificate, which most
(all?) browsers will notice and report, deny CONNECT requests and
intercept/deny all direct traffic. https is encrypted, which means that the
proxy does NOT know what you are requesting, it only can from
source/destination IP address, amount of data flowing and other indirect
information.

> I don't have any rules for that.
> 
> Other http_access rules are working!


-- 
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
On the other hand, you have different fingers. 
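
Added example, not part of the thread or of anyone's actual configuration: a squid.conf fragment that exempts CONNECT tunnels to the one permitted domain from authentication. It assumes the credential prompt comes from a proxy_auth rule listed ahead of the exception, which the thread does not confirm; the ACL name `authusers` is hypothetical, and `SSL_ports` and `CONNECT` are defined as in the stock squid.conf.

```conf
# Constructed squid.conf fragment. "authusers" is an assumed ACL name;
# "erlaubthttps" and ".domain.tld" are taken from the original question.

acl SSL_ports port 443
acl CONNECT method CONNECT
acl erlaubthttps dstdomain .domain.tld
acl authusers proxy_auth REQUIRED

# Never tunnel to anything other than the HTTPS port.
http_access deny CONNECT !SSL_ports

# http_access is evaluated top to bottom and the first matching line wins.
# The unauthenticated exception therefore has to sit ABOVE every line that
# references a proxy_auth ACL; otherwise Squid answers the CONNECT with a
# 407 challenge before this rule is ever reached.
# ACLs on one line are ANDed: CONNECT, to port 443, to .domain.tld only.
http_access allow CONNECT SSL_ports erlaubthttps

# Plain-HTTP requests to the same domain, also without credentials.
http_access allow !CONNECT erlaubthttps

# Everything else still requires a Windows login.
http_access allow authusers
http_access deny all
```

Because the tunnel is encrypted, the exception can only be scoped by host name and port, so it covers every URL on .domain.tld rather than a single page.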
