RE: Blocking SSL Port does not work

Thanks. But how can I implement SSLBump to block port 443 for only specific
websites such as blocking Proxy Sites which use https?

-----Original Message-----
From: Matus UHLAR - fantomas [mailto:uhlar@xxxxxxxxxxx] 
Sent: Tuesday, July 06, 2010 5:24 PM
To: squid-users@xxxxxxxxxxxxxxx
Subject: Re:  Blocking SSL Port does not work

On 05.07.10 18:24, Malvin Rito wrote:
> I'm trying to block SSL port 443 on my squid server but no luck on several
> tries. My squid Server is running Transparent Mode.

You must block port 443 on your firewall, not on squid.

If you intend to block port 443, it's useless to redirect it to squid.

If you want to intercept port 443, you should know that it's called
man-in-the-middle attack since the traffic is encrypted between browser and
server. While newest squid supports this by using SSLBump feature, browsers
can detect that you did this because the squid's certificate won't match the
server name.

-- 
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
Chernobyl was an Windows 95 beta test site.


