Re: Squid + Squidguard - Problems redirecting HTTPS

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMDavid Bendit at <-
Kevin at ->
Attachments:
Message as email
+ (text/plain)
+ (text/html)
+ (text/plain)
Delete this message
Reply to this message
Author: Dazed_75
Date:  
To: Main PLUG discussion list
Subject: Re: Squid + Squidguard - Problems redirecting HTTPS
I should probably not open my yap since I know nothing about this, but do
you have/need a secured verson of your block page for redirecting of https
requests?

On 10/12/06, David Bendit <> wrote:
>
> > Hey there,
>
> In the Paradise Valley School District, we've switched from WebSense to
> a Debian server running Squid and Squidguard for blocking sites. For the
> past 2 months or so, everything's gone perfectly. However, we've hit a
> snag, and I was wondering if anybody on here could provide some
> assistance.
>
> Normally, when a user accesses a site, the request goes to Squid through
> transparent proxying, which sends it to the redirector, Squidguard.
> Squidguard checks the URL against its blocklists, then either grabs the
> queried page through Squid, or, if it's blocked, redirects to our block
> page. This all works fine.
>
> However, when trying to block an HTTPS page, things get odd. The request
> makes it through Squid into Squidguard, which checks the URL. Since the
> site is blocked, it should grab the redirect page. However, it goes
> straight through. I'm not sure why it's doing this.
>
> Looking at the Squidguard logs, while the normal redirect request is
> issued with a GET, CONNECT is used for HTTPS. That's the only difference
> I can find.
>
> In the Squid logs, the request doesn't even appear. Apparently, Squid
> only logs the request on its way out of the redirector. Since Squidguard
> issues a CONNECT request instead of a GET, I think it's leaving Squid
> and going out directly.
>
> Does anybody know how to get around this problem?
>
> Thanks,
> David Bendit
> > ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>



--
Be who you are and say what you feel, because those who mind don't matter
and those who matter don't mind. - Dr. Seuss
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Need Help Installing KDERe: any opinions on sabayon?->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)