Re: [squid-users] Bloking HTTP Tunnels
Luis Daniel Lucio Quiroz yazm?s,: Hi Squids We found that if we block by MIME type HT-* MIMEs headers we can block HTTPProxy tunnel (the one that use html tags). We have found httport (for windows) but still dont know how to block. Has anyone blocked it by other technique than ip blocking? Regards, LD Yes . Normally every https site we connect must have a real domain not (ip address) if we want to believe it is secure site. If a client tries to connect an ip over ssl i guess that it's an unsecure site , if it has a domain i guess that it's secure. Most of the https tunnels use https/ip for tunnelling so if we drop ips only over https we can drop https tunnels. I use this method. Here is the squid config ; acl CONNECT method CONNECT acl ultra_block url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ http_access deny CONNECT ultra_block all Sorry for my english :) Regards, ismail
Re: [squid-users] squid https
Amos Jeffries yazm?s,: Indunil Jayasooriya yazmýþ: Could you send me your squid.conf file from the version of squid 2.6 , please ? this is the file on openbsd 3.4 Hi again ; This your configuration and i can not see any https configuration in it. This is a standart config. I just want to use redirected https and Not really possible without SSLBump (which means any Squid earlier than 3.1/HEAD). Some have hacked up a simulation of HTTPS interception using reverse-proxy mode and https_port, but that breaks a lot of things in the network and causes much grief to all users. If you want happy users, do away with the interception altogether. [redirected] ftp Not possible in any Squid. Squid is an HTTP proxy not an FTP proxy. There is another proxy called 'Froxy' which can be used for that. Amos Hi Amos , If i use server_ip and squid_port with my browser, i mean without redirecting 80,443, or 21, all of them works properly. Squid can do this perfectly. I do not understand why does not work after redirecting them ? Regards
Re: [squid-users] squid https
Indunil Jayasooriya yazm?s,: I am using Squid Cache: Version 2.6.STABLE18 and when i applied sslBump i got error. Can you use this option with the same version of mine ? I think you are using squid 3. I tried this option like this ; I also use squid Version 2.6.STABLE18 from OpenBSD port tree as transparent interception. I think below may help you http://wiki.squid-cache.org/Features/SslBump?highlight=%28C%7B1%7DategoryWish%29%7C%28C%7B1%7DategoryFeature%29%7C%28completed%29%7C%28Version...%3A.%2A3.1%29%7C%28Status...%3A%29%7C%28ETA...%3A%29 Happy Squiding Hi Indunil ; Could you send me your squid.conf file from the version of squid 2.6 , please ? Regards ismail