-1

I have configured Squid in pfSense 1.2.3, and was able to block HTTP sites using a blacklist, but I was not able to block HTTPS sites.

Any solutions?

pjmorse
dddddd

2 Answers

0

You can't proxy HTTPS with transparent proxying (see this).

But, of course, you may rebuild Squid from source for this MITM, as described, for example, in this guide.

But I still don't understand why you can't lock sites with SSL encryption with Squid - URLs aren't encrypted, and therefore you can add them to the blacklist.

Max Kochubey
  • The first sentence there tells why. URLs are encrypted though. If you're MITMing the traffic it doesn't matter as that's part of what you're decrypting. But otherwise, it's impossible to see the URL in HTTPS. – Chris Buechler Jan 11 '13 at 08:55
0

I got the same problem. This is a loophole in Squid; the only solution that I can do is to use internal DNS and declare domain extensions in the DNS server. Nobody can send a test ping to yahoo.com, but they can access Yahoo in the browser as long as the proxy settings in the browser are correct.
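An added example, not part of either answer and not Squid's own code: a sketch of what a forward proxy can match on when browsers are explicitly configured to use it and no TLS interception is done. For plain HTTP it sees the full URL; for HTTPS it sees only the `CONNECT host:port` line, so a domain blacklist still applies while a URL-path rule cannot. The blacklist entries and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed blacklist entries for illustration (not from the original page).
BLOCKED_DOMAINS = {"blocked.example"}
BLOCKED_URL_PREFIXES = {"http://news.example/games/"}


def visible_target(request_line):
    """Return (host, url) as an explicit forward proxy sees them.

    url is None for CONNECT: the path travels inside the TLS tunnel.
    """
    parts = request_line.split()
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, _version = parts
    if method.upper() == "CONNECT":
        # Authority form: only host and port are sent in clear text.
        host, sep, port = target.rpartition(":")
        if not sep or not port.isdigit():
            raise ValueError("CONNECT target must be host:port")
        return host.strip("[]").lower(), None
    url = urlsplit(target)
    if not url.hostname:
        raise ValueError("expected an absolute-form URL")
    return url.hostname, target


def domain_blocked(host):
    """Match the host or any parent domain, never a bare substring."""
    labels = host.rstrip(".").split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS
               for i in range(len(labels)))


def decide(request_line):
    """Return 'deny' or 'allow' using only what the proxy can observe."""
    host, url = visible_target(request_line)
    if domain_blocked(host):
        return "deny"
    if url is not None and any(url.lower().startswith(p)
                               for p in BLOCKED_URL_PREFIXES):
        return "deny"
    return "allow"
```
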