Thanks. But how can I implement SSLBump to block port 443 for only specific
websites such as blocking Proxy Sites which use https?

-----Original Message-----
From: Matus UHLAR - fantomas [mailto:[email protected]] 
Sent: Tuesday, July 06, 2010 5:24 PM
To: [email protected]
Subject: Re: [squid-users] Blocking SSL Port does not work

On 05.07.10 18:24, Malvin Rito wrote:
> I'm trying to block SSL port 443 on my squid server but no luck on several
> tries. My squid Server is running Transparent Mode.

You must block port 443 on your firewall, not on squid.

If you intend to block port 443, it's useless to redirect it to squid.

If you want to intercept port 443, you should know that it's called a
man-in-the-middle attack since the traffic is encrypted between browser and
server. While newest squid supports this by using SSLBump feature, browsers
can detect that you did this because the squid's certificate won't match the
server name.

-- 
Matus UHLAR - fantomas, [email protected] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I wish NOT to receive any advertising mail at this address.
Chernobyl was a Windows 95 beta test site.
