Amos,
I would like to use e2guardian if possible, and after checking it out,
http://www.google.com/webhp?nord=1 does force the insecure, but previous
entries attempted just cause all searches to loop back to that same url
instead of passing it along.
We could use a regex option in squid, but since we want the rest of the
sites to be handled normally through e2guardian, what acl entries would
we use to set it up to only take effect on google.com? Essentially "if
dstdomain = google.com then use acl blocklist /etc/squid/badwords".
I have not used a 2 layer or referring acl setup before, but before now
never needed to.
Thank you so much for the help!
Mike
On 6/26/2015 0:29 AM, Amos Jeffries wrote:
On 26/06/2015 2:36 a.m., Mike wrote:
Amos, thanks for info.
The primary settings being used in squid.conf:
http_port 8080
# this port is what will be used for SSL Proxy on client browser
http_port 8081 intercept
https_port 8082 intercept ssl-bump connection-auth=off generate-host-certificates=on dynamic_cert_mem_cache_size=16MB cert=/etc/squid/ssl/squid.pem key=/etc/squid/ssl/squid.key cipher=ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/squid_ssl_db -M 16MB
sslcrtd_children 50 startup=5 idle=1
ssl_bump server-first all
ssl_bump none localhost
Then e2guardian uses 10101 for the browsers, and uses 8080 for
connecting to squid on the same server.
Doesn't matter. Due to TLS security requirements Squid ensures the TLS
connection is re-encrypted on outgoing.
I am doubtful the nord works anymore since Google's own documentation for
schools states that one must install a MITM proxy that does the traffic
filtering - e2guardian is not one of those. IMO you should convert your
e2guardian config into Squid ACL rules that can be applied to the bumped
traffic without forcing http://
But if nord does work, so should the deny_info in Squid. Something like
this probably:
acl google dstdomain .google.com
deny_info 301:http://%H%R?nord=1 google
acl GwithQuery urlpath_regex \?
deny_info 301:http://%H%R&nord=1 GwithQuery
http_access deny google GwithQuery
http_access deny google
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
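
The "only on google.com" rule asked about at the top of this message, written as Squid ACLs (an added example, not part of the original thread). It assumes the request reaches Squid decrypted (plain HTTP, or HTTPS bumped on the ssl-bump port) and that /etc/squid/badwords holds one regular expression per line; the localhost allow rule is a guess at the existing rule set.

```conf
# Added example; not from the original thread.
#
# Assumption: /etc/squid/badwords contains one regex per line,
# for instance (constructed sample content):
#   exampleword1
#   exampleword2

# Destination test: google.com and every subdomain of it.
acl google dstdomain .google.com

# Pattern test: case-insensitive (-i) regex match against the full URL.
# A double-quoted value tells Squid to load the patterns from that file.
acl badwords url_regex -i "/etc/squid/badwords"

# All ACLs named on one http_access line must match (logical AND),
# so this denies only requests that are for Google AND contain a
# blocklisted pattern. Requests to any other site do not match
# "google", skip this line, and are handled by the rules below.
http_access deny google badwords

# http_access is first-match-wins, so the deny above has to sit before
# whichever allow rule admits the traffic arriving from e2guardian
# (assumed here to be localhost, since both run on the same server).
http_access allow localhost
http_access deny all
```

On a CONNECT tunnel that is not bumped, Squid sees only the host and port, so url_regex has no query string to match there; "squid -k parse" checks the syntax before reloading.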