[squid-users] Squid TPROXY issues with Google sites

[Benjamin E. Nichols]

Here is a list of google domains that may help you,

http://www.squidblacklist.org/downloads/whitelists/google.domains


On 5/26/2017 10:44 AM, Vieri wrote:
> Hi,
>
> I'd like to block access to Google Mail but allow it to Google Drive. I also need to intercept Google Drive traffic (https) and scan its content via c-icap modules for threats (with clamav and other tools which would block potentially harmful files).
>
> I've failed so far.
>
> I added mail.google.com to a custom file named "denied.domains" and loaded as denied_domains ACL in Squid. I know that in TLS traffic there are only IP addresses, so I created the "server_name" ACL as seen below.
>
> [...]
> acl denied_domains dstdomain "/usr/local/share/proxy-settings/denied.domains"
> http_access deny denied_domains !allowed_groups !allowed_ips
> http_access deny CONNECT denied_domains !allowed_groups !allowed_ips
> [...]
> reply_header_access Alternate-Protocol deny all
> acl AllowTroublesome ssl::server_name .google.com .gmail.com
> acl DenyTroublesome ssl::server_name mail.google.com
> http_access deny DenyTroublesome
> ssl_bump peek all
> ssl_bump splice AllowTroublesome
> ssl_bump bump all
>
> First of all, I was expecting that if a client tried to open https://mail.google.com, the connection would be blocked by Squid (DenyTroublesome ACL). It isn't. Why?
>
> Second, I am unable to scan content since Squid is splicing all Google traffic. However, if I "bump AllowTroublesome", I can enter my username in https://accounts.google.com, but trying to access to the next step (user password) fails with an unreported error.
>
> Any suggestions?
>
> Vieri
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-- 
--

Signed,

Benjamin E. Nichols
http://www.squidblacklist.org

1-405-397-1360 - Call Anytime.