On 12/11/2013 8:19 p.m., Durga Prasath wrote: > Hello All, > > I am trying to setup Squid Proxy for our internal users. we want to > restrict access to only a few domains and URLs. > > the requirement i have is, i should allow > https://www.google.co.in/search and other URLs should be banned. Like > if users try to access https://www.google.co.in/blogsearch or > https://www.google.co.in/imagesearch should be restricted and only > /search should be allowed. > > The options url_regex or urlpath_regex are not working. > > Can someone help on this requirement on how to setup this using squid? This is HTTPS traffic. When it goes through a HTTP proxy it uses special CONNECT requests. Those requests contain *only* the domain name and port (usually 443) being connected to, and some headers related to what agent is requesting the tunnel connection be setup. Path and other parts of the URL are not available for access control to use. To do what you want, you will have to hijack the HTTPS/SSL connection, decrypt the users traffic, apply your controls, then re-encrypt. Squid can do that with the SSL-bump feature, BUT before using it please check with your local lawyer - using it is considered illegal wiretapping and/or breach of privacy in many countries. Amos
