Re: [squid-users] Google SSL searches

From: Scott Horsley <scott.horsley_at_staff.netspace.net.au>
Date: Tue, 27 Jul 2010 10:46:27 +1000

On 27/07/10 7:32 AM, "Mellem, Dan" <Dan.Mellem_at_pomona.k12.ca.us> wrote:

> Instead of dstdomain, you could use a regular expression. You could use a
> pattern like:
>
> ^(www\.)?(google\.com?(\...)?)
>
> Which would catch:
> google.co
> google.com
> google.co.XX where XX is any two characters
> google.com.XX "" ""
> (with and without www.)

This would only "optionally" block www.google.com and any subs, but there
are heaps of sub domains associated with google. Henrick's solution is still
the cleanest.

Of course, just blocking it on a CONNET method should also work.

acl CONNECT method CONNECT
acl google dstdomain .google.com
http_access deny CONNECT google

Not sure how much different that is from Henricks solution but if (for some
unknown reason) google opened port 443 as non-ssl, had a legit site that
wasn't encrypted, and you had 443 in your safe-port list, then this method
"should" still work cleanly.

Scott

This email and any files transmitted with it are confidential and intended
 solely for the use of the individual or entity to whom they are addressed.
Please notify the sender immediately by email if you have received this
email by mistake and delete this email from your system. Please note that
 any views or opinions presented in this email are solely those of the
 author and do not necessarily represent those of the organisation.
Finally, the recipient should check this email and any attachments for
the presence of viruses. The organisation accepts no liability for any
damage caused by any virus transmitted by this email.
Received on Tue Jul 27 2010 - 00:46:37 MDT

This archive was generated by hypermail 2.2.0 : Tue Jul 27 2010 - 12:00:04 MDT