The problem is not Squid nor HTTPS. The problem is that the HTTP protocol has a standard that allows redirection and the HTTPS protocol does not. The HTTPS protocol was designed to be secure and does not allow any type of interference. So, all filtering technologies have the same issue: how to block HTTPS sensibly ? Blocking is easy: one redirects or closes a socket and the user/browser cannot get the content of the HTTPS-based URL. But how to do it sensibly ? One can choose to redirect a HTTPS URL to another HTTPS URL. This works a little: the redirect itself works but the browser will issue a warning saying "I do not trust this site: the certificate is wrong". This is a little better than browser messages like "cannot connect". ufdbGuard, an alternative for squidGuard, by default redirects to https://blockedhttps.urlfilterdb.com so the name of the site may give a hint to the user that the content is being blocked. Marcus On 10/17/2013 06:17 AM, Alessandro Dentella wrote:
Hi, I'm struggling with squidguard and https redirect. I setup squid to handle https and http connection, squidguard correctly blocks what is to be blocked but I cannot understand how to manage redirect. I'm usig squid rel 2.7 and authentication is done via ntlm. I get a correct redirect for http but when using https I get an error. I read all what I found and the more significant messages I found are on squid list: http://www.mail-archive.com/squid-users@xxxxxxxxxxxxxxx/msg58433.html suggests to use 302: in front of the redirect url, but in my case it doesn't work (Errore 111 (net::ERR_TUNNEL_CONNECTION_FAILED): unknown Error.) http://www.mail-archive.com/squid-users@xxxxxxxxxxxxxxx/msg70871.html suggests that https and squidGuard do not work well toghether. Is that true? Any hint is really appreciated sandro *:-)
