RES: [squid-users] How can I block a https site?

From: Ricardo Augusto de Souza <ricardo.souza_at_cmtsp.com.br>
Date: Fri, 24 Oct 2008 13:39:56 -0200

I am still not able to block https sites.
I tested all you sugested here.
I am using transparent proxy. I am redirecting all outgoing traffic to
port 80 to squid port 3128. If i redirect 443 port to squid i wont be
able to access ANY https site.

I just wanna block *FEW* https sites like i AM ALREADY doing using

Acl bleh dstdomain "/some/file/"
http_access deny bleh

-----Mensagem original-----
De: Matus UHLAR - fantomas [mailto:uhlar_at_fantomas.sk]
Enviada em: quinta-feira, 23 de outubro de 2008 08:20
Para: squid-users_at_squid-cache.org
Assunto: Re: [squid-users] How can I block a https site?

> Matus UHLAR - fantomas wrote:
> >On 21.10.08 16:23, Alejandro Bednarik wrote:
> >> You can also use url_regex -i
> >>
> >> acl bad_sites url_regex -i "/etc/squid/bad_sites.txt"
> >> http_access deny bad_sites
> >
> >using regexes is very ineffective and may lead to problems if you
don't
> >count with:
> >- dot matching ANY character
> >- regex matching the middle of string, not just the end of it (like
> > dstdomain does)

On 22.10.08 23:45, Amos Jeffries wrote:
> - URL parts often included in regex not occuring in CONNECT requests.
> - neither the http(s):// part.

no, but it can match different hosts it should not mach.

> >>>>.imo.im

will block e.g. www.limolimo.com

-- 
Matus UHLAR - fantomas, [email protected] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
   One OS to rule them all, One OS to find them, 
One OS to bring them all and into darkness bind them 
Received on Fri Oct 24 2008 - 15:40:13 MDT

This archive was generated by hypermail 2.2.0 : Fri Oct 24 2008 - 12:00:04 MDT