Search squid archive

Re: Need help on Squid Setup

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 12/11/2013 8:19 p.m., Durga Prasath wrote:
> Hello All,
> 
> I am trying to setup Squid Proxy for our internal users. we want to
> restrict access to only a few domains and URLs.
> 
> the requirement i have is, i should allow
> https://www.google.co.in/search and other URLs should be banned. Like
> if users try to access https://www.google.co.in/blogsearch or
> https://www.google.co.in/imagesearch should be restricted and only
> /search should be allowed.
> 
> The options url_regex or urlpath_regex are not working.
> 
> Can someone help on this requirement on how to setup this using squid?

This is HTTPS traffic.

When it goes through a HTTP proxy it uses special CONNECT requests.
Those requests contain *only* the domain name and port (usually 443)
being connected to, and some headers related to what agent is requesting
the tunnel connection be setup. Path and other parts of the URL are not
available for access control to use.

To do what you want, you will have to hijack the HTTPS/SSL connection,
decrypt the users traffic, apply your controls, then re-encrypt. Squid
can do that with the SSL-bump feature, BUT before using it please check
with your local lawyer - using it is considered illegal wiretapping
and/or breach of privacy in many countries.

Amos




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux