Search squid archive

Re: Need help on Squid Setup

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks for your email amos. is there any other way that we can get
this done other than SSL_bump. any URL redirector program can help
us... ( I did check here and usage of ssl_bump is illegal.)


Thanks and Regards,
Durga Prasath



On Tue, Nov 12, 2013 at 1:35 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
> On 12/11/2013 8:19 p.m., Durga Prasath wrote:
>> Hello All,
>>
>> I am trying to setup Squid Proxy for our internal users. we want to
>> restrict access to only a few domains and URLs.
>>
>> the requirement i have is, i should allow
>> https://www.google.co.in/search and other URLs should be banned. Like
>> if users try to access https://www.google.co.in/blogsearch or
>> https://www.google.co.in/imagesearch should be restricted and only
>> /search should be allowed.
>>
>> The options url_regex or urlpath_regex are not working.
>>
>> Can someone help on this requirement on how to setup this using squid?
>
> This is HTTPS traffic.
>
> When it goes through a HTTP proxy it uses special CONNECT requests.
> Those requests contain *only* the domain name and port (usually 443)
> being connected to, and some headers related to what agent is requesting
> the tunnel connection be setup. Path and other parts of the URL are not
> available for access control to use.
>
> To do what you want, you will have to hijack the HTTPS/SSL connection,
> decrypt the users traffic, apply your controls, then re-encrypt. Squid
> can do that with the SSL-bump feature, BUT before using it please check
> with your local lawyer - using it is considered illegal wiretapping
> and/or breach of privacy in many countries.
>
> Amos




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux