[squid-users] HTTPS Request Header acl
Amos Jeffries
squid3 at treenet.co.nz
Tue Feb 14 01:14:52 UTC 2023
On 14/02/2023 12:04 am, sanket jaiswal wrote:
> Hi Devs,
>
> I'm using Squid for my Outbound traffic filtering and I have one use
> case, I'm tryning to block Egress HTTP and HTTPS Request based
> on certain Header and I've also leveraged squid
> acl request_header_access to check and block header, However this acl
> is only working for HTTP Request and not working for HTTPS Header.
>
> Can anyone try to help me, Does Squid have support to check & block
> HTTPS Request Header?
>
FYI, the difference between HTTP and HTTPS is that the "S" variant
messages are encrypted with TLS.
Look into the SSL-Bump feature of Squid for how to decrypt user traffic.
Also, be aware that there are some major limitations with what you are
trying to do: not all traffic can be decrypted, there are non-HTTP
protocols using TLS, and all your users must be explicitly configured
with trust for CA certificate your Squid uses to do the decryption.
HTH
Amos
More information about the squid-users
mailing list