Search squid archive

Re: Newbie question, How to fully disable/disallow https?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 6/22/21 5:33 PM, Arctic5824 wrote:
> I am now using: https://paste.gg/p/anonymous/e7d5080091bc400e8a75e8285b3dea77
> instead of "http_access allow all" i replaced that line with "http_access allow all !CONNECT"
> 
> and it seems to be working, atleast in my browser, yet i still see some users using https,

> 359 5.253.19.75 TCP_MISS/502 4957 GET https://search.yahoo.com/search? - HIER_DIRECT/212.82.100.137 text/html

> Im not sure how they are doing this, I'd like to prevent this

It looks like they are sending plain text "GET https://..."; requests to
your Squid. Popular browsers would not do that, but many other clients
can. As I mentioned earlier, you also need to deny such requests. I am
not sure what the best way to do that is, but you can try something like
this:

acl usesHttpsScheme url_regex -i ^https:
...
http_access deny CONNECT
http_access deny usesHttpsScheme
...


Or you can be even more strict and only allow http: scheme:


acl usesHttpScheme url_regex -i ^http:
...
http_access deny CONNECT
http_access deny !usesHttpScheme
...


None of the above configuration snippets were tested by me. Be careful
with the order of your http_access rules.


HTH,

Alex.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux