Re: [squid-users] filtering http(s) sites, transparently

2016-10-26 Thread Yuri Voinov
27.10.2016 4:37, Amos Jeffries wrote: > On 27/10/2016 7:55 a.m., Yuri Voinov wrote: >> >> 27.10.2016 0:54, Jok Thuau wrote: >> >>> Setting up the client and the proxy to use a common infrastructure for >>> DNS (dnsmasq on the network) helped a

Re: [squid-users] filtering http(s) sites, transparently

2016-10-26 Thread Amos Jeffries
On 27/10/2016 7:55 a.m., Yuri Voinov wrote: > > 27.10.2016 0:54, Jok Thuau wrote: > >> Setting up the client and the proxy to use a common infrastructure for >> DNS (dnsmasq on the network) helped a lot. > > Yes, this is common and best practice already. I think, time to write > article on Wiki

Re: [squid-users] filtering http(s) sites, transparently

2016-10-26 Thread Yuri Voinov
27.10.2016 0:54, Jok Thuau wrote: > > On Wed, Oct 26, 2016 at 11:45 AM, Yuri Voinov > wrote: > > > > Jok, > > it can be a DNS leak. Did you test it? 8.8.8.8 can be poisoned (probably) or

Re: [squid-users] filtering http(s) sites, transparently

2016-10-26 Thread Jok Thuau
On Wed, Oct 26, 2016 at 11:45 AM, Yuri Voinov wrote: > > > Jok, > > it can be a DNS leak. Did you test it? 8.8.8.8 can be poisoned (probably) > or intercepted by ISP. > > DNS is working fine and is not being poisoned/intercepted/messed with. The records that come back from

Re: [squid-users] filtering http(s) sites, transparently

2016-10-26 Thread Yuri Voinov
Jok, it can be a DNS leak. Did you test it? 8.8.8.8 can be poisoned (probably) or intercepted by ISP. 27.10.2016 0:01, Jok Thuau wrote: > After being side-tracked with a few different projects, I ended up with the > config below. It appears to

Re: [squid-users] filtering http(s) sites, transparently

2016-10-26 Thread Jok Thuau
After being side-tracked with a few different projects, I ended up with the config below. It appears to do the right things, though the ACL organization could use some cleanup... (Browsing to authorized sites works, browsing to something else, I get a denied page from squid) However, even though

Re: [squid-users] filtering http(s) sites, transparently

2016-04-06 Thread Amos Jeffries
On 6/04/2016 6:50 a.m., Jok Thuau wrote: > On Mon, Apr 4, 2016 at 6:23 PM, Amos Jeffries wrote: > > > If I remove *all* the http_access lines, then the behavior appears correct > (from a "splicing/bumping" standpoint). > Strange. Squid without

Re: [squid-users] filtering http(s) sites, transparently

2016-04-05 Thread Jok Thuau
On Mon, Apr 4, 2016 at 6:23 PM, Amos Jeffries wrote: > >>> > >>> If I remove *all* the http_access lines, then the behavior appears > >> correct > >>> (from a "splicing/bumping" standpoint). > >>> > >> > >> Strange. Squid without any http_access lines should be denying

Re: [squid-users] filtering http(s) sites, transparently

2016-04-04 Thread Amos Jeffries
On 5/04/2016 4:49 a.m., Jok Thuau wrote: > On Sun, Apr 3, 2016 at 9:59 PM, Amos Jeffries wrote: > >> On 4/04/2016 4:18 p.m., Jok Thuau wrote: >>> I'm attempting to build a transparent proxy (policy based routing on >>> firewall to squid proxy) with the following behavior:

Re: [squid-users] filtering http(s) sites, transparently

2016-04-04 Thread Jok Thuau
Thanks James! This is really close to what I need. Comparing this to my existing config, it looks like I'm pretty close, except that I don't want to "terminate" the sslbump, I need to send an error notification to the end-user.

Re: [squid-users] filtering http(s) sites, transparently

2016-04-04 Thread Jok Thuau
On Sun, Apr 3, 2016 at 9:59 PM, Amos Jeffries wrote: > On 4/04/2016 4:18 p.m., Jok Thuau wrote: > > I'm attempting to build a transparent proxy (policy based routing on > > firewall to squid proxy) with the following behavior: > > > > 1) proxies http traffic for a given set

Re: [squid-users] filtering http(s) sites, transparently

2016-04-04 Thread James Lay
On Sun, 2016-04-03 at 21:18 -0700, Jok Thuau wrote: > I'm attempting to build a transparent proxy (policy based routing on > firewall to squid proxy) with the following behavior: > > > > 1) proxies http traffic for a given set of domains, provide a message > otherwise such "domain not allowed"

Re: [squid-users] filtering http(s) sites, transparently

2016-04-03 Thread Amos Jeffries
On 4/04/2016 4:18 p.m., Jok Thuau wrote: > I'm attempting to build a transparent proxy (policy based routing on > firewall to squid proxy) with the following behavior: > > 1) proxies http traffic for a given set of domains, provide a message > otherwise such "domain not allowed" or similar > 2)

[squid-users] filtering http(s) sites, transparently

2016-04-03 Thread Jok Thuau
I'm attempting to build a transparent proxy (policy based routing on firewall to squid proxy) with the following behavior: 1) proxies http traffic for a given set of domains, provide a message otherwise such "domain not allowed" or similar 2) proxies https traffic for a given set of domains