On 26/02/2016 11:47 a.m., Dick Visser wrote:
> Hi
>
> I'm trying to set up an acl to allow a link checker tool to do its
> work through squid.
> This tool is a Wordpress plugin.
> The whole reason I have squid is so that Wordpress itself cannot
> retrieve random stuff from the Internet.
>
> I had come up with the idea of allowing HEAD method, so the link
> checker plugin can do its job while at the same time not allowing
> malicious content to be retrieved.
> This appears to work well.
>
> However, when the plugin tries to check HTTPS URLs it uses CONNECT,
> which is then denied by squid.

The tool is set up to relay TLS "HTTPS" through an *HTTP* proxy. To have
any more control than what you already found with that particular
layering will require MITM'ing that traffic with Squid SSL-Bump feature.

However, Squid is capable of receiving TLS connections in its role as
explicit/forward proxy. If the tool can be updated to use TLS to secure
its connection to the proxy, then to deliver its https:// messages to
the proxy over that (instead of using "HTTPS") you will get better
control without any loss of security.

Amos

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
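
The three layerings discussed in this thread, as an added example that is not part of the original messages and is not Squid code: a simplified Python model of which request lines a proxy can apply method ACLs to, and what a first-match "allow HEAD" policy then decides. The function names, the rule tuples and the sample URL are assumptions made for illustration.

```python
# Added example: a simplified model of proxy-visible requests, not Squid itself.
from urllib.parse import urlsplit

def proxy_visible_requests(method, url, layering):
    """Return the request lines the proxy can apply ACLs to.

    layering: "http-proxy"   - plain HTTP proxy; https:// is tunnelled via CONNECT
              "ssl-bump"     - as above, but the proxy decrypts the tunnel (MITM)
              "tls-to-proxy" - client speaks TLS to the proxy and sends the
                               https:// URL to it as an ordinary request
    """
    u = urlsplit(url)
    if u.scheme == "http" or layering == "tls-to-proxy":
        return [f"{method} {url}"]
    connect = f"CONNECT {u.hostname}:{u.port or 443}"
    if layering == "ssl-bump":
        return [connect, f"{method} {url}"]  # tunnel request, then decrypted request
    return [connect]                          # inner method and path stay encrypted

def evaluate(rules, request_line):
    """First matching (action, method) rule wins; '*' matches any method."""
    method = request_line.split()[0]
    for action, rule_method in rules:
        if rule_method in ("*", method):
            return action
    return "deny"

def fetch_allowed(rules, method, url, layering):
    """A fetch succeeds only if every request the proxy sees is allowed."""
    return all(evaluate(rules, r) == "allow"
               for r in proxy_visible_requests(method, url, layering))

HEAD_ONLY = [("allow", "HEAD"), ("deny", "*")]
HEAD_AND_CONNECT = [("allow", "HEAD"), ("allow", "CONNECT"), ("deny", "*")]

if __name__ == "__main__":
    url = "https://example.com/page"  # constructed sample URL
    for name, rules in (("HEAD only", HEAD_ONLY), ("HEAD + CONNECT", HEAD_AND_CONNECT)):
        for layering in ("http-proxy", "ssl-bump", "tls-to-proxy"):
            for method in ("HEAD", "GET"):
                ok = fetch_allowed(rules, method, url, layering)
                print(f"{name:15} {layering:13} {method:4} -> {'allow' if ok else 'deny'}")
```

With the plain HTTP proxy layering, the HEAD-only policy denies the link checker's HTTPS checks, and adding CONNECT to the allow list lets any inner method through unseen; the other two layerings keep the method visible to the ACL.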