Hi all. I'm trying to implement the filtering of https content for a particular url. The only thing that I'm trying to do it's to unlock corporate video on the Youtube website. I do not want to unlock everything on Youtube but only our corporate stuff.
The url looks like this: https://www.youtube.com/users/MyCompany. I'm using UFDBGuard as a url filter. The problem is that SSL-Bump is working well but the URL pass from Squid to UFDBGuard is the non SSL-Bump url. What I means is that the URL that UFDBGuard is receiving is https://www.youtube.com:443 instead of the https://www.youtube.com/users/MyCompany. So because UFDBGuard is not receiving the complete SSL-Bump URL, UFDBGuard see that it's Youtube.com, so it block the website. If UFDBGuard was receiving the real SSL-Bump url https://www.youtube.com/users/MyCompany, UFDBGuard will see that this url is whitelisted and should allow the access. Log in the UFDBGuard.log 2015-04-23 16:19:59 [10669] BLOCK MyUser 192.168.100.27 Internet movies www.youtube.com:443 CONNECT Is there something missing in my Squid.conf to pass the correct URL? http_port 192.168.100.2:3129 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/etc/squid/ssl/mycert.com.private cert=/etc/squid/ssl/mycert.com.cert # SSL Bump Config sslproxy_cert_error deny all sslproxy_flags DONT_VERIFY_PEER sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB sslcrtd_children 8 startup=1 idle=1 acl sslBumpYoutube dstdomain www.youtube.com # SSL Bump Config always_direct allow sslBumpYoutube ssl_bump server-first sslBumpYoutube ssl_bump none all Also all my users using the proxy are authenticated. Thanks ___________________________________ Jonathan _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
