
Re: Squid proxy whitelisting with HTTPS URL filtering


Hi!

Currently, I am using the version squid-3.5.12. I have configured SSL bump this way:


http_port 8080 ssl-bump \
    cert=/usr/local/squid/etc/ssl_cert/myCA.pem \
    generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

acl step1 at_step SslBump1

#sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_DH_USE

ssl_bump peek step1
ssl_bump bump all

I am able to do HTTP filtering; however, doing an HTTPS URL filter does not work. A specific example is whitelisting the following URL https://www.facebook.com/login, but I do not want to allow all of facebook’s traffic to be whitelisted, thus the URL https://www.facebook.com should not be allowed.

Trying to do a url_regex to www.facebook.com/login will give me the default error page from Squid. I am using Firefox to use the proxy. And in the logs I am given a 403 error:

"GET https://www.facebook.com/login HTTP/1.1" 403 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:42.0) Gecko/20100101 Firefox/42.0" TAG_NONE:HIER_NONE

I do not want to whitelist the whole Facebook domain. I simply want to whitelist facebook.com/login, so that we can allow websites that use Facebook login to use it.

Hope this helps.

Thanks!

Joru


On 28 Dec 2015, at 11:32 PM, Antony Stone <Antony.Stone@xxxxxxxxxxxxxxxxxxxx> wrote:

On Monday 28 December 2015 at 16:22:58, joru.pacs wrote:

Hi!

I am trying to set up squid to be a whitelist proxy which should be able to
filter both HTTP and HTTPS URLs.

I have already tried using SSL Bump

How?  What squid.conf did you use?  What results did you get?  What didn't
work?

I haven’t found anything or any good documentation that would help me to do
what I have just enumerated.

http://wiki.squid-cache.org/Features/SslPeekAndSplice should point you in the
right direction.

Please try that, and if you run into problems, let us know:

- what you have in squid.conf (without comments or blank lines)
- which exact version of Squid you are using
- which browser/s you are using
- which URL/s you are trying to access and having problems with
- what shows up in Squid's access log when you connect to those URLs

Good luck,


Antony.

--
Late in 1972 President Richard Nixon announced that the rate of increase of
inflation was decreasing.   This was the first time a sitting president used a
third derivative to advance his case for re-election.

- Hugo Rossi, Notices of the American Mathematical Society

                                                  Please reply to the list;
                                                        please *don't* CC me.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

