Re: [squid-users] ICAP and HTTPS

Thanks Alex, Dieter & Eliezer I've been trying to prevent the CONNECT request being processed by ICAP and the following configuration in Squid 3.5.9 alongside a standard SSL peek and splice config appears to work: acl CONNECT method CONNECT http_access deny CONNECT !SSL_ports adaptation_access

Re: [squid-users] ICAP and HTTPS

. -Original Message- From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of Paul Carew Sent: Tuesday, October 6, 2015 10:21 PM To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] ICAP and HTTPS Thanks Alex, Dieter & Eliezer I've been trying to pre

Re: [squid-users] ICAP and HTTPS

ssage is not shown in simple words. Best regards, Rafael Akchurin Diladele B.V. -Original Message- From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of Paul Carew Sent: Tuesday, October 6, 2015 10:21 PM To: squid-users@lists.squid-cache.org Subject: Re: [squid-

Re: [squid-users] ICAP and HTTPS

On 10/06/2015 06:50 PM, Marcus Kool wrote: > The 2b) option a.k.a "simply always allow the CONNECT www.example.com and > later block GET https://www.example.com/index.html; _only_ works for > correctly SSL-bumped sites and does not work sites that do not use > SSL+HTTP. If you want the user to

Re: [squid-users] ICAP and HTTPS

On 10/06/2015 10:14 AM, Paul Carew wrote: > when accessing a blocked site over HTTPS the following ICAP > response is received: > > ICAP/1.0 200 OK > ISTAG: "PRODUCTNAME" > Attribute: Blocked Sites > Encapsulated: res-hdr=0, null-body=533 > > HTTP/1.0 403 Blocked > Content-Type: text/html >

Re: [squid-users] ICAP and HTTPS

Hey Paul, From what I have seen until now I believe that the ICAP service response is for a CONNECT request. From security reasons browsers are not allowing or rather then not implanting support for a direct HTTP response to a CONNECT(tunnel) requests. This is why you see this reaction from

[squid-users] ICAP and HTTPS

Hi Just a quick question regarding SSL bump and ICAP. I have integrated Squid 3.5.9 with a commercial product that provides an ICAP service. It works fine for HTTP. Upon recieving an ICAP query for a blocked HTTP site the following ICAP response is returned. ICAP/1.0 200 OK ISTAG:

[squid-users] Icap Squid Https/Http

Hi There Is anyone able to confirm that https requests to squid proxy will be sent on to the icap service? I am able to get normal http requests into icap which displays a banner on the page. I have tried the whole transparent ssl-bump route as well. Thanks Garth

Re: [squid-users] Icap Squid Https/Http

. From: squid-users squid-users-boun...@lists.squid-cache.org on behalf of Garth Lancaster gar...@dcdata.co.za Sent: Thursday, November 13, 2014 11:29 AM To: squid-users@lists.squid-cache.org Subject: [squid-users] Icap Squid Https/Http Hi There Is anyone able to confirm

Re: [squid-users] Icap Squid Https/Http

?I do not pay a cent, I do it myself :) From: Sergey Tsabolov ( aka linuxman ) serg...@greeklug.gr Sent: Thursday, November 13, 2014 2:50 PM To: Rafael Akchurin; Garth Lancaster; squid-users@lists.squid-cache.org Subject: Re: [squid-users] Icap Squid Https/Http