This seems all good and well if you're just proxying traffic to your own servers... but if you want to run an actual proxy this doesn't really make sense any more.
You can block HTTPS through Squid, and even do some redirection with your firewall too - but when it comes to whether it will work, your problem is with the browsers - and everyone else on the internet: as a start, you might want to read up on https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security - and browser implementations. The only way to force HTTP, or to redirect to it, is to compile and ship your own browsers too - and that would be a terrible idea as anyone (on the planet) who found out that you have people using such modified browsers, would be able to impersonate the sites they visited and steal their credentials, in many cases without them knowing. This is the actual problem that HTTPS and HSTS helps prevent.
You can install your own certificates and follow https://wiki.squid-cache.org/Features/SslBump and then redirect to a non-HTTPS page, but even so no up to date browser will obey the redirect if HSTS is enabled for the site.
If it's caching you want to do, there was a time that you could cache almost everything and emulate a 1Gbps connection on a 256kbps ADSL line... but that time ended around 2010... we're now in 2021... it is now cheaper and easier (esp. if you consider the cost of your time) than ever to just build fast connections to the internet than ever before. Get yourself a Starlink modem and share the connection - and costs - with your street, if you're trying to save on bandwidth. I understand all about wanting to cache things and run things offline and not having connectivity...
If you want to cache content the proper way today, you will need to make deals with the content providers you're trying to cache, and then set up the infrastructure to host their content on your own server, and either get them to issue you with SSL Certificates or point their DNS to you... or easier, just connect to people who have already done this and already has servers in a regional data center near you.
Alternatively, I guess you could mirror or spider some sites, and then just host them on your non-HTTPS mirror. Likely against the wishes and terms of those sites... but no proxy needed. But if you started messing with a proxy and DNS in front of it, it would just break on all browsers today.
A better way to do it would be to write a browser addon that modifies the URL to a custom url much like https://web.archive.org/http://web.archive.org does it by just having the whole URL as the actual URL path... but why not just browse the Web Archive directly then... bonus, they run a Non-SSL version of the whole archive! No need to mess with anything.
If it's just a package repository you want to cache... it almost certainly still has http support if you dig deeper... but you might want to enable whatever hash checking mechanisms it has to save yourself some grey hairs.
Perhaps if you shared your actual use case we could help you come up with a better (and more responsible and sustainable) solution?
On Tue, 22 Jun 2021 at 21:32, Arctic5824 <arctic5824@xxxxxxxxxxxxxx> wrote:
Hello, Recently I setup my first squid proxy,I want it when users try to acces a website via https, they get redirected to the http version, I tried disabling https by reading the comments in the config, the squid docs, and online forums, but I am unable to figure this out, I also tried blocking port 443 using ufw but it just resulted in users timing out.Please rest assured I understand the security and other risks this brings, thanks.To reiterate as this email is a bit long, I'd like to know how to dis-allow https and redirect users to http versions of websites when they try to use https_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users