On 28/09/11 04:47, Dayo wrote:
On Fri, 23 Sep 2011 09:32:01 +0100, Dayo Adewunmi wrote:
Hi
I've noticed that some sites which I deny access to with http_access deny
are blocked when accessed with http://example.com but accessible
through https://example.com. How do I ensure the https://example.com
is also blocked?
Depends on how you are blockign them and how yoru clients are using Squid.
If you are using interception to get the traffic into Squid, the only
way to block them is to firewall port 443. Ability to view HTTPS
internals is one of the things you loose when intercepting.
If the browsers are aware of the proxy and using CONNECT requests to
make https:// connections, then dstdomain will catch both http:// and
https:// forms.
Amos
My clients are using squid transparently. I've got this line in squid.conf
http_port 3128 transparent
Then port 443 (HTTPS) is out of reach. Squid does not decode intercepted
traffic. See above.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.15
Beta testers wanted for 3.2.0.12
