Thanks for your email amos. is there any other way that we can get this done other than SSL_bump. any URL redirector program can help us... ( I did check here and usage of ssl_bump is illegal.) Thanks and Regards, Durga Prasath On Tue, Nov 12, 2013 at 1:35 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 12/11/2013 8:19 p.m., Durga Prasath wrote: >> Hello All, >> >> I am trying to setup Squid Proxy for our internal users. we want to >> restrict access to only a few domains and URLs. >> >> the requirement i have is, i should allow >> https://www.google.co.in/search and other URLs should be banned. Like >> if users try to access https://www.google.co.in/blogsearch or >> https://www.google.co.in/imagesearch should be restricted and only >> /search should be allowed. >> >> The options url_regex or urlpath_regex are not working. >> >> Can someone help on this requirement on how to setup this using squid? > > This is HTTPS traffic. > > When it goes through a HTTP proxy it uses special CONNECT requests. > Those requests contain *only* the domain name and port (usually 443) > being connected to, and some headers related to what agent is requesting > the tunnel connection be setup. Path and other parts of the URL are not > available for access control to use. > > To do what you want, you will have to hijack the HTTPS/SSL connection, > decrypt the users traffic, apply your controls, then re-encrypt. Squid > can do that with the SSL-bump feature, BUT before using it please check > with your local lawyer - using it is considered illegal wiretapping > and/or breach of privacy in many countries. > > Amos
