On Jan 24, 2011, at 1:09 PM, jamesj@xxxxxxxxxxxxxxxxxxxxx wrote: > Hello Folks, > > > > We're currently using squid + DG as a content filtering system and it's > fantastic. The problem lies with a combination of Squid + Safari and the > site facebook.com. Students can currently get around our blocks by > changing the protocol from http to https. The logs show that squid sees > the "CONNECT" function and tries to block it but it still passes through. > All other browsers it's fine and all other sites + safari it appears to > also be fine. Anyone have any ideas? We've tried blocking using DG and > then directly through squid by blocking the CONNECT function to facebook. > > Squid version 3.0.STABLE24 > Hi James, I ran into the same problem using squidguard. I used a pretty harsh denial in my firewall. My squid SG works in " intercept " mode so I wrote an IPFW statement to deny https for facebook. deny ip from any to 66.220.144.0/20 dst-port 443 deny ip from any to 69.63.176.0/20 dst-port 443 hope this helps -j
