Hey there,
In the Paradise Valley School District, we've switched from WebSense to
a Debian server running Squid and Squidguard for blocking sites. For the
past 2 months or so, everything's gone perfectly. However, we've hit a
snag, and I was wondering if anybody on here could provide some assistance.
Normally, when a user accesses a site, the request goes to Squid through
transparent proxying, which sends it to the redirector, Squidguard.
Squidguard checks the URL against its blocklists, then either grabs the
queried page through Squid, or, if it's blocked, redirects to our block
page. This all works fine.
However, when trying to block an HTTPS page, things get odd. The request
makes it through Squid into Squidguard, which checks the URL. Since the
site is blocked, it should grab the redirect page. However, it goes
straight through. I'm not sure why it's doing this.
Looking at the Squidguard logs, while the normal redirect request is
issued with a GET, CONNECT is used for HTTPS. That's the only difference
I can find.
In the Squid logs, the request doesn't even appear. Apparently, Squid
only logs the request on its way out of the redirector. Since Squidguard
issues a CONNECT request instead of a GET, I think it's leaving Squid
and going out directly.
Does anybody know how to get around this problem?
Thanks,
David Bendit
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)