Instead of dstdomain, you could use a regular expression. You could use a pattern like: ^(www\.)?(google\.com?(\...)?) Which would catch: google.co google.com google.co.XX where XX is any two characters google.com.XX "" "" (with and without www.) That would probably catch most of them without blocking too many legitimate sites. However, I think Google uses encrypted.google.com for HTTPS. -Dan -----Original Message----- From: Marcus Kool [mailto:marcus.kool@xxxxxxxxxxxxxxx] Sent: Monday, July 26, 2010 8:37 AM To: Henrik Nordström Cc: Dave Burkholder; squid-users@xxxxxxxxxxxxxxx Subject: Re: Google SSL searches If you want to block HTTPS for Google you need to block it for all domains including google.co.uk, google.com.br, google.co.nz google.com.au and 130 more. Henrik Nordström wrote: > tor 2010-05-27 klockan 15:35 -0400 skrev Dave Burkholder: > >> Is there some way to specify via a Squid ACL that requests via port 443 to >> google.com are blocked, but requests to google.com via port 80 are allowed? > > acl https port 443 > acl google dstdomain google.com > http_access deny https google > > Regards > Henrik > > >
