On Wed, Mar 23, 2011 at 2:56 PM, David Barbero <[email protected]> wrote:
> Alberto Mijares <[email protected]> wrote:
>
>> Squid can not store in cache the content from https traffic; however,
>> you are still able to create ACLs to control the access to these
>> URIs.
>>
>> Check out your ACL.
>>
>
> Squid cannot store and cannot filter https connections. When the client
> opens an https connection, squid only makes a tunnel from client to server;
> it doesn't see anything of the content or URL (it only sees the destination
> IP). The only way to block https connections is to filter by destination IP
> in pf or acl (I'm not sure if this works properly with squid acl), but squid
> or squidguard can't filter an SSL connection directly.
>

That is absolutely wrong. Squid (with SquidGuard) in a TRANSPARENT PROXY
configuration can not filter https traffic. If you are using explicit proxy
settings in your browser, https (and just about any other protocol) can be
filtered.

As I said earlier in this thread, I have the exact configuration that the
original poster was looking for:

- SquidGuard filters according to a third-party blacklist of websites.
- All ports that are handled by Squid/SquidGuard, including 80 (http) and 443
  (https), are redirected by the pfSense (using a NAT rule) to an error page
  explaining how to set up a proxy in different browsers.
- We are not using Squid for the purpose of caching, only filtering (limited
  hard drive space, otherwise we might).

If anyone wants specific details about how to set up this configuration, I
might be able to help you as my time allows.

- Yehuda
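
The difference discussed in this thread, as an added example that is not part of the original messages and is not Squid or SquidGuard code: with explicit proxy settings the browser sends the proxy a `CONNECT host:port` request before the TLS tunnel starts, so a hostname (but not the path or content) is available to match against a domain blacklist. The blocklist entries and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample blacklist; entries also cover their subdomains.
BLOCKED_DOMAINS = {"blocked.example", "ads.example.net"}


def parse_connect(request_line):
    """Return (host, port) from an HTTP CONNECT request line, or None."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0].upper() != "CONNECT":
        return None
    if not parts[2].upper().startswith("HTTP/"):
        return None
    host, sep, port = parts[1].rpartition(":")
    if not sep or not port.isdigit():
        return None
    host = host.strip("[]").rstrip(".").lower()  # [] wraps IPv6 literals
    return (host, int(port)) if host else None


def is_ip_literal(host):
    """True if the CONNECT target is an address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def domain_blocked(host, blocked=BLOCKED_DOMAINS):
    """Match on whole labels so 'notblocked.example' is not caught."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def decide(request_line):
    """Decision an explicit proxy can make from the CONNECT line alone."""
    parsed = parse_connect(request_line)
    if parsed is None:
        return "reject-malformed"
    host, _port = parsed
    if is_ip_literal(host):
        # No name to match: only a destination address is known, which is
        # the situation the thread describes for the intercepted case.
        return "no-hostname"
    return "deny" if domain_blocked(host) else "allow"
```
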
