[squid-users] Squid proxy whitelisting with HTTPS URL filtering

[Rafael Akchurin]

Hello Joru,

May I humbly propose our ICAP server – see preconfigured VM at http://quintolabs.com/virtual.php.
Just get it, login into Web UI, switch on the HTTPS filtering as indicated on http://docs.diladele.com/administrator_guide_4_3/https_filtering/enable_https_filtering.html and adjust the Locked policy described at http://docs.diladele.com/faq/filtering/locked_policy.html.

The VA has default Ubuntu’s Squid 3.3.8 inside (rebuilt for HTTPS filtering support) – you might grab one from Eliezer at http://wiki.squid-cache.org/SquidFaq/BinaryPackages#KnowledgeBase.2FCentOS.Squid-3.5 . This one is better for HTTPS filtering.

Best regards,
Rafael

From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of joru.pacs
Sent: Monday, December 28, 2015 4:23 PM
To: Amos Jeffries <squid-users at lists.squid-cache.org>
Subject: [squid-users] Squid proxy whitelisting with HTTPS URL filtering

Hi!

I am trying to set up squid to be a whitelist proxy which should be able to filter both HTTP and HTTPS URLs. Filtering a HTTP traffic is available using url_regex. However doing the same with HTTPS traffic, I saw is not easily available. For example I want to my whitelist to be able to allow the url: https://www.example.com/login<http://www.example.com/login>, but would not allow https://www.example.com nor https://sub.example.com nor https://www.example.com/other_path.

I have already tried using SSL Bump and tried to find any available ICAP or eCap component to go with it, but I haven’t found anything or any good documentation that would help me to do what I have just enumerated.

May I kindly as for any answer or any lead that would help me to satisfy the requirement?

Thanks in advance!

Joru Pacs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20151228/03c4f949/attachment-0001.html>