Re: [squid-users] Block specific HTTPS site

From: Alex Crow <alex_at_nanogherkin.com>
Date: Tue, 11 Oct 2011 21:21:23 +0100

On 11/10/11 16:53, Luis Daniel Lucio Quiroz wrote:
> 2011/10/11 Alex Crow<alex_at_nanogherkin.com>:
>> On 11/10/11 14:29, Eduardo Porte wrote:
>>> Hi!
>>>
>>> I'm trying withou success to block the site: https://www.hidemyass.com.
>>>
>>> My question is, how can I block some specifics HTTPS sites and allow
>>> others?
>>>
>>> In this example, I need to block only https://www.hidemyass.com.
>>>
>>> Which ACL in squid.conf should I use ?
>>>
>>>
>>> Tks.
>> Are you using transparent mode? If so, you can't block HTTPS.
>>
>> Alex
>>
> He hasn't tell it is transparent.
>
> Because HTTPS is crypted, you can only block IP or domain name,
> block the domain .hidemyass.com with dstdomain acl, this should work
>
> LD
> http://www.twitter.com/ldlq
He did now, and my assumption was correct. I can't guarantee it will
always be, but most of the time it seems that people think that
transparent mode can filter HTTPS.

I think I am becoming the default "HTTPS stuff does not work in
transparent mode"/"if you have control of the network - do PAC/WPAD
instead" guy on this list.

Amos - can we move this to the top of the "common gotchas" in the FAQ?
This must be about the 4th query with the same cause this month. BTW, I
sent you a logfile re: 3.2 auth, didn't make it to the list, did you get it?

Cheers

Alex
Received on Tue Oct 11 2011 - 20:21:25 MDT

This archive was generated by hypermail 2.2.0 : Wed Oct 12 2011 - 12:00:02 MDT