[squid-users] problem with https-requests

From: Heinz Ahrens <[email protected]>
Date: Fri, 18 Jan 2002 11:07:56 +0100

Hallo squid-mailing-list and squidguard-mailing-list,

i use squidGuard with squid with a nice self-programmed perl-based webinterface. So i use 3 blacklists and perhaps 100 positive lists. The squidGuard.conf is
automatic generated and all works fine for perhaps 700 users. 300 users in positive lists, 400 users in 3 blacklists.

My problem is https. An example:

I want to download https://www.ccc.de/test.exe

ok, there is not a test.exe on www.ccc.de:443, but thats not the problem, there are real .exe-files with the same problem.

squid then says in access.log:

1011335734.985 680 10.118.89.38 TCP_MISS/000 525 CONNECT www.ccc.de:443 yf5ws56 DIRECT/www.ccc.de -

Ok, it is a https-connection and so there is not a urls www.ccc.de:443/test.exe, only www.ccc.de:443

But thats my problem. I want to deny a download with .exe and with http is there no problem.

squidGuard-redirector (apache-log):
127.0.0.1 - - [18/Jan/2002:10:48:23 +0100] "GET /cgi-bin/blocked.pl?
clientaddr=10.96.194.196&url=http://www.ccc.de/test.exe&
group=yf5ws-downloadl&user=yf5ws56 HTTP/1.0" 200 729

Is there a possibility to resolv the problem. Perhaps it is an squid-problem. Is it not possible to send the real url from squid to the redirector squidGuard. Or isnt
there a possibility for squid to see the real URL like https://www.ccc.de/test.exe ??? Or is there a security problem. I think the real url can send to the
redirector, there is no possiblity to read the content of the file and thats ok.

Please help me. I think there is a security problem if my users can download https - exe - files.

Greetings from Germany

  Heinz
Received on Fri Jan 18 2002 - 03:05:30 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:53 MST