Thanks Amos, hope this could partially stop ultrasurf... crossing fingers..
-----Original Message----- From: Amos Jeffries [mailto:[email protected]] Sent: Monday, August 10, 2009 10:35 AM To: SSCR Internet Admin Cc: [email protected] Subject: Re: [squid-users] Blocking port 443 and let some secured site to be accessed (ie yahoo.com email) On Mon, 10 Aug 2009 10:24:04 +0800, "SSCR Internet Admin" <[email protected]> wrote: > Hi, > > Can anyone give me a hint as to block 443 and let some other secured site > be > excluded from the block? Depends on what you want to block there... I assume that you actually mean you want to block HTTPS traffic except to some certain sites. Squid default controls have ACLs called SSL_ports and CONNECT. With this configuration line: http_access deny CONNECT !SSL_ports To restrict further and only allow certain websites to use port 443/HTTPS create an ACL listing their domain names and change the access lien like so acl httpSites dstdomain .example.com http_access deny CONNECT !SSL_ports !httpsSites Amos --------------------------------------------------- This message is solely intended to the person(s) indicated on the header and has been scanned for viruses and dangerous content by MailScanner. If any malware detected on this transmission, please email the postmaster at [email protected]. Providing Quality Catholic Education for the Masses for more info visit us at http://www.sscrmnl.edu.ph __________ Information from ESET NOD32 Antivirus, version of virus signature database 4295 (20090731) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __________ Information from ESET NOD32 Antivirus, version of virus signature database 4295 (20090731) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com --------------------------------------------------- This message is solely intended to the person(s) indicated on the header and has been scanned for viruses and dangerous content by MailScanner. If any malware detected on this transmission, please email the postmaster at [email protected]. Providing Quality Catholic Education for the Masses for more info visit us at http://www.sscrmnl.edu.ph
