On Tue, 11 Oct 2011 21:21:23 +0100, Alex Crow wrote:
On 11/10/11 16:53, Luis Daniel Lucio Quiroz wrote:
2011/10/11 Alex Crow<alex@xxxxxxxxxxxxxxx>:
On 11/10/11 14:29, Eduardo Porte wrote:
Hi!
I'm trying withou success to block the site:
https://www.hidemyass.com.
My question is, how can I block some specifics HTTPS sites and
allow
others?
In this example, I need to block only https://www.hidemyass.com.
Which ACL in squid.conf should I use ?
Tks.
Are you using transparent mode? If so, you can't block HTTPS.
Alex
He hasn't tell it is transparent.
Because HTTPS is crypted, you can only block IP or domain name,
block the domain .hidemyass.com with dstdomain acl, this should work
LD
http://www.twitter.com/ldlq
He did now, and my assumption was correct. I can't guarantee it will
always be, but most of the time it seems that people think that
transparent mode can filter HTTPS.
I think I am becoming the default "HTTPS stuff does not work in
transparent mode"/"if you have control of the network - do PAC/WPAD
instead" guy on this list.
Amos - can we move this to the top of the "common gotchas" in the
FAQ? This must be about the 4th query with the same cause this month.
I'm suspecting its because there is a group of people actively
advertising interception and decryption now as a good thing. There are
still some limits still in place on intercept, but these are falling
away gradually as the corporate admin hack away in quest of absolute
control over the workers communications. I expect SSL will be as open
and vulnerable as HTTP is now in just a few years.
I've added a bit more documentation to the HTTPS page and bumped the
MITM section to the top.
http://wiki.squid-cache.org/Features/HTTPS
BTW, I sent you a logfile re: 3.2 auth, didn't make it to the list,
did you get it?
Nothing came in this last week IIRC. I have unfortunately not had time
to go over many of the auth bugs for the last few months. Just one in
Digest handling. If it was before that, its probably in my TODO list of
emails.
Amos
