[squid-users] acl for redirect

Mike mcsnv96 at afo.net
Tue Jun 23 23:03:28 UTC 2015


We have a server setup using squid 3.5 and e2guardian (newer branch of 
dansguardian), the issue is now google has changed a few things around 
and google is no longer filtered which is not acceptable. We already 
have the browser settings for SSL Proxy set to our server, and squid has 
ssl-bump enabled and working. Previously there was enough unsecure 
content on Google that the filtering was still working, but now google 
has gone 100% encrypted meaning it is 100% unfiltered. What is happening 
is it is creating an ssl tunnel (for lack of a better term) between 
their server and the browser, so all squid sees is the connection to 
www.google.com, and after that it is tunneled and not recognized by 
squid or e2guardian at all.

I found a few options online that was used with older squid versions but 
nothing is working with squid 3.5... Looking for something like this:

acl google dstdomain .google.com
deny_info http://www.google.com/webhp?nord=1 google
http_access deny google

Essentially want to have squid take all regular requests for google.com 
and send/relay it to the unsecured page at 
http://www.google.com/webhp?nord=1 which allows e2guardian to properly 
filter. With the current settings though, it goes to the squid access 
denied page.

Mike


More information about the squid-users mailing list