I am running a Squid proxy server and have run into a problem viewing some secure web sites. I am referring to web sites using the HTTPS protocol, instead of the HTTP protocol.
I have a banlist file containing words and phrases that are of an adult nature. Words like cum, and virgin. If one of our users attempts to view a web site whose URL contains one of the words listed in this file, the user is presented with an access denied web page instead. There is also an allowlist file containing domain names and words. Words like document and domains like virgin-atlantic.com. The allowlist file is processed first so that if a URL contains the word document in it, it is allowed, whereas if the banlist file was processed first, the web page would not have loaded because of the word cum being in the banlist file.
One of my users is having a problem viewing the web site but not the web site The only difference is the change from HTTP to HTTPS. I am unsure how to instruct Squid to process the allowlist and banlist files for HTTPS, just like it does for HTTP traffic.
The following is from the Access Controls section of the squid.conf file.
acl sunnuclear src 192.168.0.0/24
acl banlist url_regex "/etc/squid/banlist"
acl allowlist url_regex "/etc/squid/allowlist"
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow allowlist
http_access deny banlist
http_access allow sunnuclear
http_access allow localhost
http_access allow SSL_ports
http_access deny all
http_reply_access allow all
icp_access allow all
I hope that I have provided you with enough information about this problem. I would appreciate any help that you can provide me with this problem.
Thank you for your time.
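An added example, not part of the original post and not Squid code: a Python model of the allowlist-then-banlist order in the configuration above, matched against the string a url_regex ACL has available. It assumes Squid is not intercepting TLS, so an HTTPS request reaches the proxy as CONNECT host:port; the list contents beyond the words named in the post, the function names and the example hostnames are constructed.

```python
import re

# Constructed stand-ins for /etc/squid/allowlist and /etc/squid/banlist,
# holding only the words the post mentions.
ALLOWLIST = [r"document", r"virgin-atlantic\.com"]
BANLIST = [r"cum", r"virgin"]


def squid_sees(method, url):
    """Return the string a url_regex ACL is matched against.

    A plain HTTP request carries the full URL. For HTTPS the browser sends
    'CONNECT host:port' and the path travels inside the encrypted tunnel,
    so only host:port is available to the proxy (assumption: no TLS
    interception is configured).
    """
    if method == "CONNECT":
        m = re.match(r"https://([^/:]+)(?::(\d+))?", url)
        return f"{m.group(1)}:{m.group(2) or 443}"
    return url


def http_access(method, url):
    """First-match evaluation of the allowlist/banlist rules, in file order."""
    target = squid_sees(method, url)
    if any(re.search(p, target) for p in ALLOWLIST):   # http_access allow allowlist
        return "allow (allowlist)", target
    if any(re.search(p, target) for p in BANLIST):     # http_access deny banlist
        return "deny (banlist)", target
    return "falls through to later rules", target


if __name__ == "__main__":
    # Constructed sample requests: same site over HTTP and over HTTPS.
    samples = [
        ("GET", "http://cumbria.example/document/index.html"),
        ("CONNECT", "https://cumbria.example/document/index.html"),
        ("GET", "http://files.example/virgin/index.html"),
        ("CONNECT", "https://files.example/virgin/index.html"),
    ]
    for method, url in samples:
        verdict, target = http_access(method, url)
        print(f"{method:8} {url}\n         matched against {target!r}: {verdict}")
```

Words in either list that only ever appear in the path cannot match an HTTPS request under this assumption, in both directions: an allowlisted path word no longer rescues a hostname that hits the banlist, and a banned path word no longer blocks.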