Squid and HTTPS - need explanation

Discussion in 'all things UNIX' started by Sully, Jan 28, 2013.

Thread Status:
Not open for further replies.
  1. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Hi.

    I need someone who uses Squid, hopefully with PFSense, that can help me understand exactly what I have going on.

    Not too complicated. I am switching from transparent proxy mode to non-transparent in order to handle HTTPS. I want to, if possible, deny domains for a specific set of internal IP addresses.

    However, after much searching, I still haven't found anything that really helps me. I did post over at PFSense forums, but there is likely some kind soul in this place as well ;)

    Just wondering what differs on the browser proxy settings, and how I can expect HTTPS to behave since it is encrypted etc. Maybe I'm wrong, but I have seen multiple posts where they say Squid will work with HTTPS.

    Sul.
     
  2. Sadeghi85

    Sadeghi85 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    747
    Hi Sully.

    I don't use Squid and didn't quite understand what you want to do, but if you want to decrypt the HTTPS traffic (for analyzing, ad blocking etc.), Squid has a feature called "SslBump".

    I found that when I was searching for ways to MITM myself (to test something). Ultimately though, I used Burp Suite.
     
  3. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Thanks for the reply, but I don't think it's what I am trying to do/use.

    Squid is, from what I read, supposed to work on HTTPS as well as HTTP. I am having issues getting my rules to work on HTTPS, and might need help configuring Squid or my clients to do this. I assume it works as many people say it does, but no great step-by-step instruction that I have found.

    Sul.
     
  4. Sadeghi85

    Sadeghi85 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    747
    As you know, SSL uses point-to-point encryption; depending on what "rules" we're talking about, you might need to decrypt the SSL traffic.

    This page explains: http://wiki.squid-cache.org/Features/HTTPS

    You have configured your browser to use ssl proxy, right?
     
  5. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Ends up easier than I thought.

    When squid is not in transparent mode, it already utilizes the CONNECT of https. It will deny (if you set it to do that) on http or https. I was preparing to migrate to v3, but did not need to.

    Thanks.

    Sul.

    EDIT: as long as you set the clients to use the correct proxy, it's all in the ACL syntax. Nothing more needed except the correct syntax ;)
     
    Last edited: Feb 11, 2013
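
The kind of ACL set the last post refers to, as an added example that is not from the thread or from any poster's configuration: a squid.conf fragment for an explicit (non-transparent) proxy that denies a set of domains to specific internal hosts over both HTTP and HTTPS. All addresses, domains and ACL names are constructed placeholders.

```conf
# Constructed example: addresses, domains and ACL names are placeholders.
# Clients must point at Squid as an explicit proxy for both HTTP and HTTPS.

# Internal hosts the restriction applies to
acl restricted_hosts src 192.168.1.50 192.168.1.51

# Domains to deny; the leading dot also matches subdomains
acl blocked_domains dstdomain .example.com .example.net

# Usual CONNECT hardening: only allow tunnels to port 443
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports

# For HTTPS the browser sends "CONNECT host:443" to the proxy, so dstdomain
# matches the host name even though the tunnel payload stays encrypted.
# This rule must come before the allow rule below; first match wins.
http_access deny restricted_hosts blocked_domains

# Everyone else on the LAN, then default deny
acl localnet src 192.168.1.0/24
http_access allow localnet
http_access deny all
```

Without SslBump, Squid sees only the host and port of an HTTPS request, so path-based ACLs such as `urlpath_regex` cannot match HTTPS traffic; domain-level rules like the one above are what work on CONNECT.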