[squid-users] HTTPS site filtering
Amos Jeffries
squid3 at treenet.co.nz
Fri Jan 20 08:51:38 UTC 2017
On 20/01/2017 9:32 a.m., roadrage27 wrote:
> I was able to solve my previous issue of no connections and now have a
> working squid along with http site filtering and regex working nicely.
>
> My current issue is the need to allow only certain sites which do include
> some HTTPS sites. If i leave the line
>
> http_access deny CONNECT !SSL_ports
>
> within my conf file, no HTTPS traffic works,
That tells me either you have screwed up the CONNECT ACL definition. Or
the SSL_ports one.
I suspect that whatever you have done is making HTTPS no longer use port
443. That needs to be fixed.
> commenting it out and putting
> in
>
> http_access allow CONNECT SSL_ports
>
> allows SSL but it allows all sites that are available to work with SSL to be
> accessed.
>
Quite. The security protection intended by that rule is to deny the
identifiably bad things and let your custom rules that follow decide
what is allowed.
> Is there a way to limit this access with an ACL and if so what is they
> syntax?
The required syntax is the default:
acl SSL_Ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_Ports
Since you say that is not working, the problem is elsewhere and ACL
definition will not solve the breakage.
If you still need help, we will need to see what your squid.conf
contains currently. And if you are intercepting, the rules used for
doing that.
Amos
More information about the squid-users
mailing list