Hi, I'd like to block access to Google Mail but allow it to Google Drive. I also need to intercept Google Drive traffic (https) and scan its content via c-icap modules for threats (with clamav and other tools which would block potentially harmful files).
I've failed so far. I added mail.google.com to a custom file named "denied.domains" and loaded as denied_domains ACL in Squid. I know that in TLS traffic there are only IP addresses, so I created the "server_name" ACL as seen below. [...] acl denied_domains dstdomain "/usr/local/share/proxy-settings/denied.domains" http_access deny denied_domains !allowed_groups !allowed_ips http_access deny CONNECT denied_domains !allowed_groups !allowed_ips [...] reply_header_access Alternate-Protocol deny all acl AllowTroublesome ssl::server_name .google.com .gmail.com acl DenyTroublesome ssl::server_name mail.google.com http_access deny DenyTroublesome ssl_bump peek all ssl_bump splice AllowTroublesome ssl_bump bump all First of all, I was expecting that if a client tried to open https://mail.google.com, the connection would be blocked by Squid (DenyTroublesome ACL). It isn't. Why? Second, I am unable to scan content since Squid is splicing all Google traffic. However, if I "bump AllowTroublesome", I can enter my username in https://accounts.google.com, but trying to access to the next step (user password) fails with an unreported error. Any suggestions? Vieri _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
