Search squid archive

Re: Newbie question, How to fully disable/disallow https?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 2021-06-23 11:20, Arctic5824 wrote:
hey sorry i accidently directly sent it again, instead of the email list: 


On Tuesday, June 22nd, 2021 at 3:50 PM, Antony Stone wrote:
You might want to be aware that this is illegal in many countries, and a number of Internet Service Providers have been sued and/or fined for manipulating the content of websites as they pass through their systems. 

Thanks for the warning, I dont think this will really be a problem for
me though.


 1.  What makes you believe that sites have an HTTP version?

I dont see why they wouldnt, like sure they would prefer https but why
would http not work if forced



Because this idea you have about changing advert content is not a
new thing.

It has been done and tried so many times in the past by others for
http:// traffic that the major content providers whose income depended
on those ads got together and started a project to get rid of http://
completely. They have had much success with the support of privacy
and security advocate groups.



2.  What do you think should happen when sites do have an HTTP
version,  and that consists solely of a 301 Permanent Redirect to the
HTTPS version

I didnt think of this, this would be a problem i guess, but I dont
think it would be too common.


Reality is that today the vast majority of websites still offering
http:// versions at all, do exactly that.



Maybe squid isnt the right software for this?


Squid is fine for the content adaptation part of what you are wanting.

What is not going to work is the HTTP->HTTP conversion part. That is
because of protocol and Browser features. No intermediary software can
get around those without the SSL-Bump (or similar) mechanism - as
others already mentioned that too has its limits. TLS is specifically
designed to prevent intermediaries touching the content - the only
reliable action a proxy can do is terminate unwanted TLS connections.

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux