Re: [squid-users] Need help blocking an specific HTTPS website

2019-03-05 Thread Amos Jeffries 
On 6/03/19 5:11 am, Felipe Arturo Polanco wrote:
> I confirm that, I can see TCP_DENIED requests on the access.log to
> web.whatsapp.com  but still the websites loads.
> 
> 1551192823.356     47 192.168.112.144 TCP_DENIED/403 4453 GET
> https://web.whatsapp.com/ws - HIER_NONE/- text/html
> 


Perhapse WhatsApp uses other protocols to get through when denied by the
proxy.

Have you tried blocking UDP port 80 and 443 (QUIC protocol) in your
firewall?

And of course ports 4244, 5222, 5223, 5228 and 5242.


Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Need help blocking an specific HTTPS website

2019-03-05 Thread Felipe Arturo Polanco 
I confirm that, I can see TCP_DENIED requests on the access.log to
web.whatsapp.com but still the websites loads.

1551192823.356 47 192.168.112.144 TCP_DENIED/403 4453 GET
https://web.whatsapp.com/ws - HIER_NONE/- text/html

On Mon, Mar 4, 2019 at 7:21 PM Leonardo Rodrigues 
wrote:

> Em 04/03/2019 19:27, Felipe Arturo Polanco escreveu:
>
> Hi,
>
> I have been trying to block https://web.whatsapp.com/ from squid and I
> have been unable to.
>
> So far I have this:
>
> I can block other HTTPS websites fine
> I can block www.whatsapp.com fine
> I cannot block web.whatsapp.com
>
> I have HTTPS transparent interception enabled and I am bumping all TCP
> connections, but still this one doesn't appear to get blocked by squid.
>
> This is part of my configuration:
> ===
> acl blockwa1 url_regex whatsapp\.com$
> acl blockwa2 dstdomain .whatsapp.com
> acl blockwa3 ssl::server_name .whatsapp.com
> acl step1 at_step SslBump1
>
>
> blockwa1 and blockwa2 should definitely block web.whatsapp.com ..
> your rules seems right.
>
> Can you confirm the web.whatsapp.com access are getting through squid
> ? Are these accesses on your access.log with something different than
> DENIED status ?
>
>
>
> --
>
>
>   Atenciosamente / Sincerily,
>   Leonardo Rodrigues
>   Solutti Tecnologia
>   http://www.solutti.com.br
>
>   Minha armadilha de SPAM, NÃO mandem email
>   gertru...@solutti.com.br
>   My SPAMTRAP, do not email it
>
>
>
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Need help blocking an specific HTTPS website

2019-03-04 Thread Leonardo Rodrigues 

Em 04/03/2019 19:27, Felipe Arturo Polanco escreveu:

Hi,

I have been trying to block https://web.whatsapp.com/ from squid and I 
have been unable to.


So far I have this:

I can block other HTTPS websites fine
I can block www.whatsapp.com  fine
I cannot block web.whatsapp.com 

I have HTTPS transparent interception enabled and I am bumping all TCP 
connections, but still this one doesn't appear to get blocked by squid.


This is part of my configuration:
===
acl blockwa1 url_regex whatsapp\.com$
acl blockwa2 dstdomain .whatsapp.com 
acl blockwa3 ssl::server_name .whatsapp.com 
acl step1 at_step SslBump1



    blockwa1 and blockwa2 should definitely block web.whatsapp.com .. 
your rules seems right.


    Can you confirm the web.whatsapp.com access are getting through 
squid ? Are these accesses on your access.log with something different 
than DENIED status ?




--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it


___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users