Michael I. <linux-michae...@abwesend.de> wrote:

> I have a problem with my squid3 + squidguard. I can't redirect https
> requests to an errorpage. When I request a blocked https page it
> always says the site isn't available.

> I searched on the internet and there it says it is a problem with the
> https protocol because https is direct and doesn't allow a redirect.

This is correct. An HTTP client doing HTTPS over a proxy like squid uses
CONNECT (instead of HEAD, GET or POST) which instructs the proxy to open
a TCP connection to the specified host and port and forward any bytes
sent or received. Since inside that connection the data is encrypted, the
proxy cannot do anything special with it.

> Is there really no way to redirect https request to an errorpage with
> squid3+squidguard?

Short answer: No, there is not. 

Long answer: The only way is to set up a transparent proxy, intercepting
any outbound connection and terminating the encryption on the proxy. You
will need a fake CA certificate with which the proxy is able to create
fake server certificates so the client still thinks it is connected to
the real server.

And here it gets a) dangerous and b) expensive.

Regards,
Sven.

-- 
Sigmentation fault. Core dumped.
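
The difference described in the reply above, as an added example that is not part of the original message: a small Python model of what a forward proxy can inspect for a plain HTTP request versus a CONNECT request. The host name `blocked.example`, the error page URL and the function names `proxy_view` and `filter_action` are assumptions made for illustration, not squid or squidGuard code.

```python
from urllib.parse import urlsplit

# Constructed sample requests, as a forward proxy would receive them.
PLAIN_HTTP = (b"GET http://blocked.example/private/page.html HTTP/1.1\r\n"
              b"Host: blocked.example\r\n\r\n")
HTTPS_TUNNEL = (b"CONNECT blocked.example:443 HTTP/1.1\r\n"
                b"Host: blocked.example:443\r\n\r\n")


def proxy_view(raw: bytes) -> dict:
    """Return the parts of a proxy request that a URL filter can inspect."""
    request_line = raw.split(b"\r\n", 1)[0].decode("ascii")
    method, target, _version = request_line.split(" ", 2)
    if method == "CONNECT":
        # The target is only "host:port". The URL path, headers and body of
        # the real request travel later, encrypted, inside the tunnel.
        host, _, port = target.rpartition(":")
        return {"method": method, "host": host.strip("[]"),
                "port": int(port), "path": None, "payload_visible": False}
    # Plain HTTP through a proxy carries the full absolute URL in clear text.
    parts = urlsplit(target)
    return {"method": method, "host": parts.hostname,
            "port": parts.port or 80, "path": parts.path or "/",
            "payload_visible": True}


def filter_action(view: dict, blocked_hosts: set, error_page: str) -> tuple:
    """Hypothetical filter decision: what the proxy is able to do."""
    if view["host"] not in blocked_hosts:
        return ("allow", None)
    if view["payload_visible"]:
        # The proxy answers the HTTP request itself, so it can point the
        # client at an error page.
        return ("redirect", error_page)
    # For CONNECT the proxy can only refuse to open the TCP connection;
    # it has no HTTP request inside the tunnel to answer.
    return ("deny", None)


if __name__ == "__main__":
    blocked = {"blocked.example"}
    page = "http://proxy.example/blocked.html"  # assumed error page URL
    for raw in (PLAIN_HTTP, HTTPS_TUNNEL):
        view = proxy_view(raw)
        print(view, filter_action(view, blocked, page))
```
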


Archive: https://lists.debian.org/jbfpujsro...@mids.svenhartge.de