Hi!
Currently, I am using the version squid-3.5.12. I have configure the SSL bump
this way:
http_port 8080 ssl-bump \
cert=/usr/local/squid/etc/ssl_cert/myCA.pem \
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
acl step1 at_step SslBump1
#sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
ssl_bump peek step1
ssl_bump bump all
I am able to do HTTP filtering, however, using doing an HTTPS url filter does
not work. A specific example is whitelisting the following URL
https://www.facebook.com/login, but I do not want to allow all of facebook’s
traffic to be whitelisted, thus the url https://www.facebook.com should not be
allowed.
Trying to do a url_regex to www.facebook.com/login will give me the default
error page from squid. I am using firefox to use the proxy. And in the logs I
am given a 403 error:
"GET https://www.facebook.com/login HTTP/1.1" 403 "-" "Mozilla/5.0 (Macintosh;
Intel Mac OS X 10.11; rv:42.0) Gecko/20100101 Firefox/42.0” TAG_NONE:HIER_NONE
I do not want to whitelist the whole Facebook domain. I simply want to
whitelist facebook.com/login, so that we can allow websites that uses Facebook
login to use it.
Hope this helps.
Thanks!
Joru
> On 28 Dec 2015, at 11:32 PM, Antony Stone <[email protected]>
> wrote:
>
> On Monday 28 December 2015 at 16:22:58, joru.pacs wrote:
>
>> Hi!
>>
>> I am trying to set up squid to be a whitelist proxy which should be able to
>> filter both HTTP and HTTPS URLs.
>
>> I have already tried using SSL Bump
>
> How? What squid.conf did you use? What results did you get? What didn't
> work?
>
>> I haven’t found anything or any good documentation that would help me to do
>> what I have just enumerated.
>
> http://wiki.squid-cache.org/Features/SslPeekAndSplice should point you in the
> right direction.
>
> Please try that, and if you run into problems, let us know:
>
> - what you have in squid.conf (without comments or blank lines)
> - which exact version of Squid you are using
> - which browser/s you are using
> - which URL/s you are trying to access and having problems with
> - what shows up in Squid's access log when you connect to those URLs
>
> Good luck,
>
>
> Antony.
>
> --
> Late in 1972 President Richard Nixon announced that the rate of increase of
> inflation was decreasing. This was the first time a sitting president used
> a
> third derivative to advance his case for re-election.
>
> - Hugo Rossi, Notices of the American Mathematical Society
>
> Please reply to the list;
> please *don't* CC me.
> _______________________________________________
> squid-users mailing list
> [email protected]
> http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
[email protected]
http://lists.squid-cache.org/listinfo/squid-users
