Re: [squid-users] Re: Squid + SSL + Safari

[donovan jeffrey j]

On Jan 24, 2011, at 1:09 PM, jam...@mail.milton.k12.wi.us wrote:

 Hello Folks,
 
 
 
 We're currently using squid + DG as a content filtering system and it's
 fantastic. The problem lies with a combination of Squid + Safari and the
 site facebook.com. Students can currently get around our blocks by
 changing the protocol from http to https. The logs show that squid sees
 the CONNECT function and tries to block it but it still passes through.
 All other browsers it's fine and all other sites + safari it appears to
 also be fine. Anyone have any ideas? We've tried blocking using DG and
 then directly through squid by blocking the CONNECT function to facebook.
 
 Squid version 3.0.STABLE24
 

Hi James,

I ran into the same problem using squidguard. I used a pretty harsh denial in 
my firewall. My squid SG works in  intercept  mode so I wrote an IPFW 
statement to deny https for facebook.

deny ip from any to 66.220.144.0/20 dst-port 443
deny ip from any to 69.63.176.0/20 dst-port 443

hope this helps

-j

[squid-users] Re: Squid + SSL + Safari

[jamesj]

Hello Folks,



We're currently using squid + DG as a content filtering system and it's
fantastic. The problem lies with a combination of Squid + Safari and the
site facebook.com. Students can currently get around our blocks by
changing the protocol from http to https. The logs show that squid sees
the CONNECT function and tries to block it but it still passes through.
All other browsers it's fine and all other sites + safari it appears to
also be fine. Anyone have any ideas? We've tried blocking using DG and
then directly through squid by blocking the CONNECT function to facebook.

Squid version 3.0.STABLE24

Re: [squid-users] Re: Squid + SSL + Safari

[Henrik Nordström]

mån 2011-01-24 klockan 12:09 -0600 skrev jam...@mail.milton.k12.wi.us:

 the CONNECT function and tries to block it but it still passes through.

What does access.log report?

REgards
Henrik