[squid-users] Newbie question, How to fully disable/disallow https?
Alex Rousskov
rousskov at measurement-factory.com
Tue Jun 22 20:37:16 UTC 2021
On 6/22/21 4:28 PM, Arctic5824 wrote:
>> To disable HTTPS access through the proxy, simply deny all CONNECT
>> requests using http_access rules.
> Hey! thanks for the info, I just tried that but it seems https is still being allowed, and I can see it in the logs as well
> "TCP_TUNNEL/200 717 CONNECT s.youtube.com:443 -"
> my config is https://pastebin.com/8txzkEnG
> and a version of the config without comments: https://pastebin.com/zuJYQpXW
> acl CONNECT method CONNECT
> http_access allow localhost
> http_access deny CONNECT
Squid bugs notwithstanding, either your Squid is not running with the
configuration that you have shared with us OR that logged request comes
from localhost. If you are not sure, I suggest shutting down Squid,
making sure that nobody listens on port 3128 and then restarting Squid.
Due to the first http_access rule, the test request must not come from
the same machine Squid runs on.
HTH,
Alex.
P.S. If you are worried about custom clients or scripts (not regular
browsers) bypassing your controls, then you will also need to ban "GET
https://..." requests, but let's figure out the above basics first.
More information about the squid-users
mailing list