[squid-users] Redirecting URLs on HTTPS traffic
Grant Taylor
gtaylor at tnetconsulting.net
Wed Sep 22 16:04:58 UTC 2021
On 9/22/21 6:44 AM, roee klinger wrote:
> Hello,
Hi,
> I have an internal network in our office where we want to redirect every
> google search to a Duckduckgo search instead, I already have a script
> written that knows how to take the Google URL and convert it to Duckduckgo.
>
> I am reading about how to implement it on Squid, however everything I
> can find is only referring to HTTP traffic, not HTTPS.
>
> Is that possible to do using HTTPS?
I've not done what you are asking about. However, based on the
following, I do believe that it is possible to do what you are asking about.
1) I've read about a couple different options to do redirection:
a) Redirection via Squid directives in squid.conf.
b) Use ICAP to modify the traffic.
2) TLS bump-in-the-wire to get into the HTTPS stream and apply #1.
I've got this working -- quite well -- at home.
#2 is probably your biggest hurtle. I don't think it's /hard/, but
there are nuances to it.
- How you do the TLS BitW; peek vs snoop, when you do it.
- The security / legality implications of intercepting TLS connections.
- The logistics in installing the Root CA's public key that Squid uses.
But I believe what you are wanting to do is imminently possible.
--
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4013 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20210922/64275a54/attachment.bin>
More information about the squid-users
mailing list