[squid-users] Google recaptcha use

Stephen Borrill squid at borrill.org.uk
Tue Feb 20 08:40:57 UTC 2024

Previous message (by thread): [squid-users] Google recaptcha use
Next message (by thread): [squid-users] Google recaptcha use
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 20/02/2024 08:06, Dsant wrote:
> Hello, I set up a squid proxy, I want to allow some sites, Google 
> recaptcha and block everything else.
> 
> acl mydest dstdomain .projet-voltaire.fr
> http_access allow mydest
> acl  google_recaptcha url_regex ^www.google.com/recaptcha/$
> http_access allow google_recaptcha
> http_access deny all
> 
> The captcha is not showing. A syntax error ?

www.google.com is an HTTPS site. This means that from the point of view 
of the proxy, only the hostname is visible (i.e. www.google.com) and so 
your regex can never match. Look in your logs, you will see:

CONNECT www.google.com

and not:

GET http://www.google.com/recaptcha/

The only way round this is to use ssl_bump to intercept and decrypt the 
traffic so that the HTTP request is visible. This is, however, not for 
the faint-hearted and will require a CA certificate to be installed on 
each client machine.

-- 
Stephen

Previous message (by thread): [squid-users] Google recaptcha use
Next message (by thread): [squid-users] Google recaptcha use
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the squid-users mailing list