On 6/22/21 3:32 PM, Arctic5824 wrote: > Hello, Recently I setup my first squid proxy, > > I want it when users try to acces a website via https, they get > redirected to the http version, I tried disabling https by reading the > comments in the config, the squid docs, and online forums, but I am > unable to figure this out, I also tried blocking port 443 using ufw but > it just resulted in users timing out. > > Please rest assured I understand the security and other risks this > brings, thanks. > To reiterate as this email is a bit long, I'd like to know how to > dis-allow https and redirect users to http versions of websites when > they try to use https To disable HTTPS access through the proxy, simply deny all CONNECT requests using http_access rules. Redirecting HTTPS attempts to HTTP is a lot harder and is unreliable. You will have to bump TLS connections and then deny all bumped requests with a redirection response (that many browsers may not even follow -- you should test this). This will not work in many cases because TLS is not supposed to be bumped -- many clients and origin servers will work hard to prevent you from bumping their connections. See ssl_bump and deny_info for starting points. HTH, Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
