
I have set up a Squid v.3.1 + Squidguard, the proxy is configured on each browser via a proxy.pac file. Now if a user goes to a blocked site with HTTP (e.g. http://www.facebook.com) the URL filter works and the user is redirected to the block page, but if he goes to HTTPS (e.g. https://www.facebook.com) he is not blocked. What do I have to configure to block HTTPS URLs?

Here is my squid.conf:

acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http

acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow all

http_port 3128

url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf

Thank you in advance.

J.B.
    I question the usefulness of breaking https in the 21st century. You might want to reconsider this security concept. This includes MitM proxies with broken TLS. – eckes Apr 29 '17 at 13:47

1 Answer


I got HTTPS blocking working by modifying proxy.pac this way:

function FindProxyForURL(url, host)
{
    // Send both plain HTTP and HTTPS through Squid; everything else goes direct.
    if (shExpMatch(url, "http:*") || shExpMatch(url, "https:*"))
        return "PROXY ipProxy:3128";
    else
        return "DIRECT";
}

Now if a user goes to https://www.facebook.com the site is not loaded (and other non-blocked HTTPS sites are normally reachable), but he is not redirected to the "blocked site" error page; the browser simply gives an error:

  • Firefox and IE give a generic "unable to load page" error page
  • Chrome gives an Error 111 (net::ERR_TUNNEL_CONNECTION_FAILED) error

Is there a way to redirect users coming from blocked HTTPS URLs to the error page?

J.B.
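To see why the HTTPS case behaves differently, here is a minimal Squid 3.1 url_rewrite_program helper written as an added example (it is not squidGuard's code and not part of the question or answer). It shows what the helper is handed for a plain GET versus a browser CONNECT, and why a blocked CONNECT cannot be turned into a redirect to the block page. The blocklist, the block page URL and the `302:` redirect answer form are assumptions for the example; the helper is assumed to run with the default url_rewrite_concurrency of 0 (no channel-ID prefix on input lines).

```python
#!/usr/bin/env python3
"""Minimal Squid 3.1 url_rewrite_program helper (added example, not squidGuard).

Squid writes one line per request to the helper's stdin:
    URL client_ip/fqdn ident method [extra key=value fields]
For plain HTTP the first field is the full URL. For HTTPS the browser sends
CONNECT and the first field is only "host:port": the helper can match the
hostname but never sees scheme or path, and no 302 can be shown inside a
tunnel, so a blocked CONNECT ends in a browser error rather than the block page.
"""
import sys
from urllib.parse import urlsplit

# Constructed blocklist and block page; a real deployment reads these from files.
BLOCKED_DOMAINS = {"facebook.com"}
BLOCK_PAGE = "http://proxy.example/blocked.html"   # placeholder URL


def host_of(request_url: str, method: str) -> str:
    """Extract the hostname: 'host:port' for CONNECT, a full URL otherwise."""
    if method == "CONNECT":
        return request_url.rsplit(":", 1)[0].lower()
    return (urlsplit(request_url).hostname or "").lower()


def is_blocked(host: str) -> bool:
    """True if the host or any parent domain is on the blocklist."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels)))


def rewrite(line: str) -> str:
    """Answer for one input line: '' leaves the request unchanged.

    Blocked GET/POST: '302:<block page>' (assumed 3.x helper redirect form).
    Blocked CONNECT: rewrite the tunnel target to the block page's host:port.
    The browser then fails its TLS handshake against an HTTP-only host,
    which is the generic error / ERR_TUNNEL_CONNECTION_FAILED seen above.
    """
    fields = line.split()
    if len(fields) < 4:
        return ""
    url, method = fields[0], fields[3]
    if not is_blocked(host_of(url, method)):
        return ""
    return "proxy.example:80" if method == "CONNECT" else "302:" + BLOCK_PAGE


if __name__ == "__main__":
    # Squid keeps the helper running and expects exactly one answer line per input line.
    for raw in sys.stdin:
        sys.stdout.write(rewrite(raw.rstrip("\n")) + "\n")
        sys.stdout.flush()
```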