[squid-users] Squid proxy whitelisting with HTTPS URL filtering

Amos Jeffries squid3 at treenet.co.nz
Thu Dec 31 08:54:38 UTC 2015


On 2015-12-29 04:55, joru.pacs wrote:
> Hi!
> 
> Currently, I am using the version squid-3.5.12. I have configured the
> SSL bump this way:
> 
> http_port 8080 ssl-bump \
>     cert=/usr/local/squid/etc/ssl_cert/myCA.pem \
>     generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
> 
> acl step1 at_step SslBump1
> 
> #sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
> 
> ssl_bump peek step1
> ssl_bump bump all
> 
> I am able to do HTTP filtering, however, doing an HTTPS url
> filter does not work. A specific example is whitelisting the following
> URL https://www.facebook.com/login, but I do not want to allow all of
> facebook’s traffic to be whitelisted, thus the url
> https://www.facebook.com should not be allowed.
> 
> Trying to do a url_regex to www.facebook.com/login [1] will give me
> the default error page from squid. I am using firefox to use the
> proxy. And in the logs I am given a 403 error:
> 
> "GET https://www.facebook.com/login HTTP/1.1" 403 "-" "Mozilla/5.0
> (Macintosh; Intel Mac OS X 10.11; rv:42.0) Gecko/20100101
> Firefox/42.0" TAG_NONE:HIER_NONE
> 

That tells us that:
- the bumping is happening, and
- traffic is being decrypted, and
- the request is denied by your http_access rules.


So what are the other squid.conf contents?

Amos
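
One http_access layout that meets the goal stated in the question, as an added example that is not part of the thread. The poster's http_access rules are not shown, so the ACL names (SSL_ports, fb_host, fb_login) and the rules themselves are assumptions. With bumping, Squid evaluates http_access for the CONNECT, which carries only host and port, and again for each decrypted request, which carries the full URL.

```conf
# Added example, not the poster's configuration. The http_port and
# ssl_bump lines from the question stay as they are.

# Assumed ACL names.
acl SSL_ports port 443
acl CONNECT method CONNECT
acl fb_host dstdomain www.facebook.com
acl fb_login url_regex ^https://www\.facebook\.com/login

# Weak layout: a path-only whitelist. The CONNECT request is
# "www.facebook.com:443" and has no path, so fb_login can never match it
# and the tunnel itself falls through to "deny all".
#   http_access allow fb_login
#   http_access deny all

# Corrected layout.
# 1. Refuse CONNECT to anything that is not a TLS port.
http_access deny CONNECT !SSL_ports
# 2. Let the tunnel to the whitelisted host be set up so it can be bumped.
#    This matches only the CONNECT, not the decrypted GET/POST inside it.
http_access allow CONNECT fb_host
# 3. Inside the bumped connection, allow only the whitelisted path.
http_access allow fb_login
# 4. Everything else, including https://www.facebook.com/, is denied.
http_access deny all
```

Resources the allowed page loads from other paths or hosts fall through to the final deny unless they get their own allow rules.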

