[squid-users] Newbie question, How to fully disable/disallow https?
squid3 at treenet.co.nz
squid3 at treenet.co.nz
Wed Jun 23 00:49:52 UTC 2021
On 2021-06-23 11:20, Arctic5824 wrote:
> hey sorry i accidently directly sent it again, instead of the email
> list:
>
>
> On Tuesday, June 22nd, 2021 at 3:50 PM, Antony Stone wrote:
>
>> You might want to be aware that this is illegal in many countries, and
>> a number of Internet Service Providers have been sued and/or fined for
>> manipulating the content of websites as they pass through their
>> systems.
>
> Thanks for the warning, I dont think this will really be a problem for
> me though.
>
>
> 1. What makes you believe that sites have an HTTP version?
>
> I dont see why they wouldnt, like sure they would prefer https but why
> would http not work if forced
>
Because this idea you have about changing advert content is not a
new thing.
It has been done and tried so many times in the past by others for
http:// traffic that the major content providers whose income depended
on those ads got together and started a project to get rid of http://
completely. They have had much success with the support of privacy
and security advocate groups.
>
> 2. What do you think should happen when sites do have an HTTP
> version, and that consists solely of a 301 Permanent Redirect to the
> HTTPS version
>
> I didnt think of this, this would be a problem i guess, but I dont
> think it would be too common.
Reality is that today the vast majority of websites still offering
http:// versions at all, do exactly that.
>
> Maybe squid isnt the right software for this?
Squid is fine for the content adaptation part of what you are wanting.
What is not going to work is the HTTP->HTTP conversion part. That is
because of protocol and Browser features. No intermediary software can
get around those without the SSL-Bump (or similar) mechanism - as
others already mentioned that too has its limits. TLS is specifically
designed to prevent intermediaries touching the content - the only
reliable action a proxy can do is terminate unwanted TLS connections.
Amos
More information about the squid-users
mailing list