[squid-users] Redirecting URLs on HTTPS traffic

Grant Taylor gtaylor at tnetconsulting.net
Wed Sep 22 16:04:58 UTC 2021


On 9/22/21 6:44 AM, roee klinger wrote:
> Hello,

Hi,

> I have an internal network in our office where we want to redirect every 
> google search to a Duckduckgo search instead, I already have a script 
> written that knows how to take the Google URL and convert it to Duckduckgo.
> 
> I am reading about how to implement it on Squid, however everything I 
> can find is only referring to HTTP traffic, not HTTPS.
> 
> Is that possible to do using HTTPS?

I've not done what you are asking about.  However, based on the 
following, I do believe that it is possible to do what you are asking about.

1)  I've read about a couple different options to do redirection:
     a)  Redirection via Squid directives in squid.conf.
     b)  Use ICAP to modify the traffic.
2)  TLS bump-in-the-wire to get into the HTTPS stream and apply #1.
     I've got this working -- quite well -- at home.

#2 is probably your biggest hurtle.  I don't think it's /hard/, but 
there are nuances to it.
  - How you do the TLS BitW; peek vs snoop, when you do it.
  - The security / legality implications of intercepting TLS connections.
  - The logistics in installing the Root CA's public key that Squid uses.

But I believe what you are wanting to do is imminently possible.



-- 
Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4013 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20210922/64275a54/attachment.bin>


More information about the squid-users mailing list