Squid + Squidguard - Problems redirecting HTTPS

Dazed_75 lthielster at gmail.com
Fri Oct 13 01:52:36 MST 2006 

I should probably not open my yap since I know nothing about this, but do
you have/need a secured verson of your block page for redirecting of https
requests?

On 10/12/06, David Bendit <DarkElf109 at ibendit.com> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hey there,
>
> In the Paradise Valley School District, we've switched from WebSense to
> a Debian server running Squid and Squidguard for blocking sites. For the
> past 2 months or so, everything's gone perfectly. However, we've hit a
> snag, and I was wondering if anybody on here could provide some
> assistance.
>
> Normally, when a user accesses a site, the request goes to Squid through
> transparent proxying, which sends it to the redirector, Squidguard.
> Squidguard checks the URL against its blocklists, then either grabs the
> queried page through Squid, or, if it's blocked, redirects to our block
> page. This all works fine.
>
> However, when trying to block an HTTPS page, things get odd. The request
> makes it through Squid into Squidguard, which checks the URL. Since the
> site is blocked, it should grab the redirect page. However, it goes
> straight through. I'm not sure why it's doing this.
>
> Looking at the Squidguard logs, while the normal redirect request is
> issued with a GET, CONNECT is used for HTTPS. That's the only difference
> I can find.
>
> In the Squid logs, the request doesn't even appear. Apparently, Squid
> only logs the request on its way out of the redirector. Since Squidguard
> issues a CONNECT request instead of a GET, I think it's leaving Squid
> and going out directly.
>
> Does anybody know how to get around this problem?
>
> Thanks,
> David Bendit
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.3 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFFLwa1/eN+mEehuEMRAufcAJ9vzdlDbqdYPRIzZU0Te131nTRulACdEJDA
> 8MzAR2lL0vuyHADK6z5Y5/k=
> =h998
> -----END PGP SIGNATURE-----
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change  you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>



-- 
Be who you are and say what you feel, because those who mind don't matter
and those who matter don't mind.  - Dr. Seuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20061013/917b362f/attachment.htm

More information about the PLUG-discuss mailing list