Squid Not Blocking SSL HTTPS Properly


As the YouTube page you are trying to block is served over HTTPS, you have a problem. The proxy doesn't decapsulate the HTTPS to know the URL and the content, so it is able to drop the connection. To solve your problem, you must look at the SSL Bump solution of Squid. It is not enabled by default because of licence issues, but you can easily recompile the package. The problem with this solution is that the client must know the certification authority used in the proxy, and this authority is local and allows creating a certificate for all the HTTPS sites. So you need to deploy the authority on all the PCs.

http://wiki.squid-cache.org/Features/SslBump


John
Author by

John

Updated on September 18, 2022

Comments

  • John
    John over 1 year

    So my goal here is to block only certain YouTube channels.

    If I do:

    acl block_youtube dstdomain .youtube.com
    http_access deny block_youtube
    

    it blocks any access to youtube.

    If I do:

    acl block_youtube url_regex -i ^https://www.youtube.com/watch\?v=v2AC41dglnM
    http_access deny block_youtube
    

    it doesn't block that particular page, even though I see this in my access_log.

    475862685.876      0 100.100.100.100 TAG_NONE/200 0 CONNECT www.youtube.com:443 - HIER_NONE/- -
    1475862686.359    412 100.100.100.100 TCP_MISS/200 51182 GET https://www.youtube.com/watch\?v=v2AC41dglnM - HIER_DIRECT/216.58.192.238 application/json
    

    Anyone have any idea how to resolve this?

  • John
    John over 7 years
    I have already done all this. If I didn't do this, I would not be seeing the HTTPS access in the logs.
  • Dom
    Dom over 7 years
    It is strange that in the logs there is a backslash before the question mark. You need to add one in your regex too.
  • John
    John over 7 years
    It's already in my regex, isn't it, or do I need it a special way? Not too familiar with regex.
  • Dom
    Dom over 7 years
    The '?' means the previous char can be optional. If you want a real ?, you need to escape it with a \. So your regex is OK, but the URL is not: to match, you should have "youtube.com/watch?v=v2AC41dglnM" (without backslash).
  • John
    John over 7 years
    It is a real character. So weird, I did a PHP script to rewrite the URLs and it is working fine now as a Squid redirect program. Now I am facing another issue as Squid isn't working in the iOS YouTube app.
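
Added example, not part of the thread and not John's PHP script: a Squid URL rewrite helper in Python that takes the approach the last comment describes, matching on the parsed video ID instead of a regex so the stray backslash seen in the log does not matter. It assumes Squid 3.4 or later reply syntax, helper concurrency left at 0 (no channel-ID prefix) and HTTPS already bumped; BLOCK_PAGE and the function names are placeholders chosen for this example.

```python
import sys
from urllib.parse import urlsplit, parse_qs

# Video IDs to block; v2AC41dglnM is the one from the question.
BLOCKED_IDS = {"v2AC41dglnM"}
# Placeholder block page (assumption); use a page your proxy serves.
BLOCK_PAGE = "http://proxy.example/blocked.html"


def video_id(url):
    """Return the YouTube video ID found in url, or None."""
    try:
        # The logged URL has a backslash before '?'; drop backslashes
        # so both forms of the URL parse the same way.
        parts = urlsplit(url.replace("\\", ""))
        host = (parts.hostname or "").lower()
    except ValueError:
        return None
    segs = [s for s in parts.path.split("/") if s]
    if host == "youtu.be":
        return segs[0] if segs else None
    if host != "youtube.com" and not host.endswith(".youtube.com"):
        return None
    if segs[:1] == ["watch"]:
        # parse_qs finds v= wherever it sits in the query string.
        return parse_qs(parts.query).get("v", [None])[0]
    if len(segs) >= 2 and segs[0] in ("embed", "shorts"):
        return segs[1]
    return None


def decide(line):
    """Answer one request line ('URL extras...') from Squid.
    Assumes concurrency=0, so the line has no channel-ID prefix."""
    fields = line.split()
    if fields and video_id(fields[0]) in BLOCKED_IDS:
        return 'OK status=302 url="%s"' % BLOCK_PAGE
    return "ERR"  # ERR tells Squid to leave the URL unchanged


def main():
    # Squid writes one request per line and waits for one reply line.
    for line in sys.stdin:
        sys.stdout.write(decide(line) + "\n")
        sys.stdout.flush()


if __name__ == "__main__":
    main()
```

Squid runs a helper like this through the url_rewrite_program directive. A CONNECT request carries only host:port, so it is answered with ERR and only bumped requests can be matched by video ID.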