On Jan 24, 2011, at 1:09 PM, jam...@mail.milton.k12.wi.us wrote:
Hello Folks,
We're currently using squid + DG as a content filtering system and it's
fantastic. The problem lies with a combination of Squid + Safari and the
site facebook.com. Students can currently get around our blocks by
changing the protocol from http to https. The logs show that squid sees
the CONNECT function and tries to block it but it still passes through.
All other browsers it's fine and all other sites + safari it appears to
also be fine. Anyone have any ideas? We've tried blocking using DG and
then directly through squid by blocking the CONNECT function to facebook.
Squid version 3.0.STABLE24
Hi James,
I ran into the same problem using squidguard. I used a pretty harsh denial in
my firewall. My squid SG works in intercept mode so I wrote an IPFW
statement to deny https for facebook.
deny ip from any to 66.220.144.0/20 dst-port 443
deny ip from any to 69.63.176.0/20 dst-port 443
hope this helps
-j