Squid and HTTPS - need explanation

Discussion in 'all things UNIX' started by Sully, Jan 28, 2013.

Thread Status:
Not open for further replies.
  1. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Hi.

    I need someone who uses Squid, hopefully with PFSense, that can help me understand exactly what I have going on.

    Not too complicated. I am switching from transparent proxy mode to non-transparent in order to handle HTTPS. I want to, if possible, deny domains for a specific set of internal ip addresses.

    However, after much searching, I still haven't found anything that really helps me. I did post over at PFSense forums, but there is likely some kind soul in this place as well ;)

    Just wondering what differs on the browser proxy settings, and how I can expect HTTPS to behave since it is encrypted etc. Maybe I'm wrong, but I have seen multiple posts where they say Squid will work with HTTPS.

    Sul.
     
  2. Sadeghi85

    Sadeghi85 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    747
    Hi Sully.

    I don't use Squid and didn't quite understand what you want to do, but if you want to decrypt the https traffic (for analyzing, ad blocking etc), Squid has a feature called "SslBump".

    I found that when I was searching for ways to MITM myself (to test something). Ultimately though, I used Burp Suite.
     
  3. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Thanks for the reply, but I don't think it's what I am trying to do/use.

    Squid is, from what I read, supposed to work on HTTPS as well as HTTP. I am having issues getting my rules to work on HTTPS, and might need help configuring squid or my clients to do this. I assume it works as many people say it does, but there is no great step-by-step instruction that I have found.

    Sul.
     
  4. Sadeghi85

    Sadeghi85 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    747
    As you know, ssl uses point-to-point encryption. Depending on what "rules" we're talking about, you might need to decrypt the ssl traffic.

    This page explains: http://wiki.squid-cache.org/Features/HTTPS

    You have configured your browser to use ssl proxy, right?
     
  5. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Ends up easier than I thought.

    When squid is not in transparent mode, it already utilizes the CONNECT of https. It will deny (if you set it to do that) on http or https. I was preparing to migrate to v3, but did not need to.

    Thanks.

    Sul.

    EDIT: as long as you set the clients to use the correct proxy, it's all in the acl syntax. Nothing more needed except the correct syntax ;)
     
    Last edited: Feb 11, 2013
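
A squid.conf fragment for the setup described in this thread: clients explicitly configured to use the proxy, with certain domains denied for a set of internal addresses over both HTTP and HTTPS. This is an added example, not from the thread; the ACL names, addresses, domains and port are constructed placeholders.

```conf
# Explicit (non-transparent) proxy port. Browsers must be pointed at
# this host:port for both their HTTP and HTTPS/SSL proxy settings.
http_port 3128

# Constructed example network and the subset of clients to restrict.
acl localnet         src 192.168.1.0/24
acl restricted_hosts src 192.168.1.50-192.168.1.60

# Constructed example domains. The leading dot also matches subdomains.
acl blocked_sites dstdomain .example.com .example.net

# With an explicit proxy, an HTTPS request reaches Squid as
#     CONNECT www.example.com:443 HTTP/1.1
# The host name and port are in clear text, so src, dstdomain and
# port ACLs match HTTPS just as they match plain HTTP.
#
# Everything after the CONNECT is an encrypted tunnel. ACL types that
# need the full URL (url_regex on a path, urlpath_regex) cannot match
# HTTPS traffic unless the traffic is decrypted (SslBump).

# http_access rules are evaluated top to bottom and the first match
# wins, so the deny must come before the general allow.
# Several ACLs on one line are ANDed: restricted client AND blocked site.
http_access deny restricted_hosts blocked_sites

http_access allow localnet
http_access deny all
```

Run `squid -k parse` to check the syntax and `squid -k reconfigure` to apply the change without restarting.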