Dear all,

I am using Squid as a transparent proxy, but I can't deny an HTTPS website like https://remitano.com

My Squid is compiled on Ubuntu 14 with these configure options:

Squid Cache: Version 3.5.3
Service Name: squid
configure options: '--prefix=/usr' '--includedir=/usr/include' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=/usr/lib/squid' '--srcdir=.' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--mandir=/usr/share/man' '--enable-inline' '--enable-async-io=24' '--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap' '--enable-gnuregex' '--enable-cache-digests' '--enable-underscores' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-eui' '--enable-esi' '--enable-icmp' '--enable-zph-qos' '--enable-http-violations' '--enable-ssl-crtd' '--enable-linux-netfilter' '--enable-ltdl-install' '--enable-ltdl-convenience' '--enable-x-accelerator-vary' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' '--disable-translation' '--disable-ipv6' '--disable-ident-lookups' '--enable-delay-pools' '--with-swapdir=/var/spool/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' '--with-aufs-threads=24' '--with-filedescriptors=65536' '--with-large-files' '--with-maxfd=65536' '--with-openssl' '--with-default-user=proxy' '--with-included-ltdl'

And here is my squid.conf:

acl localnet src 192.168.10.0/24 #LAN
acl localnet src 10.10.10.0/24 #WIFI
acl localnet src 10.10.20.0/24 #WIFI
acl localnet src 172.18.18.0/24 #WIFI
acl localnet src 172.17.0.0/16
acl localnet src 10.10.1.0/24
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump terminate blockregexurl
ssl_bump terminate domain
ssl_bump terminate block_domain
ssl_bump splice all
sslproxy_options NO_SSLv2,NO_SSLv3,No_Compression
sslproxy_cipher ALL:!SSLv2:!SSLv3:!ADH:!DSS:!MD5:!EXP:!DES:!PSK:!SRP:!RC4:!IDEA:!SEED:!aNULL:!eNULL
sslproxy_cert_error deny all
sslproxy_flags DONT_VERIFY_PEER
sslproxy_cafile /etc/squid/intermediate_ca.pem
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/squid/ssl_db -M 4MB
sslcrtd_children 8 startup=1 idle=1

-----------------------

First, I can block Facebook by using these commands:

acl facebook dstdomain .facebook.com
http_access deny CONNECT facebook

But it has no effect with https://remitano.com

I tried to use these commands, but they don't work:

acl blockregexurl url_regex -i ^http[s]?:\/\/.*\.remitano\.com\/(/vn)
http_access deny blockregexurl
http_access deny CONNECT blockregexurl
acl block_domain dstdomain remitano.com
acl domain dstdomain sso.remitano.com socket.remitano.com cdn.remitano.com
http_access deny block_domain
http_access deny CONNECT block_domain
http_access deny domain
http_access deny CONNECT domain

--
Thanks & Best Regards,
--------------
Đỗ Hoàng Minh Hưng
Gmail: hoangminh...@gmail.com
Phone: 01234454115
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
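An ordering check for access rules like those in the message above, as an added example that is not part of the original post. It flags ACL names used before any `acl` line defines them and `http_access` rules placed after a catch-all rule on `all`, which Squid never evaluates. The sample is constructed from lines in the post; where the later deny lines sit in the real file is an assumption, as is the built-in ACL list.

```python
# Constructed sample: access-control lines from the post, in the order it lists them.
SAMPLE_CONF = """\
acl localnet src 192.168.10.0/24 #LAN
acl Safe_ports port 443 # https
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump terminate block_domain
ssl_bump splice all
acl block_domain dstdomain remitano.com
http_access deny CONNECT block_domain
"""

# Assumption: ACL names that Squid 3.2 and later predefine.
BUILTIN_ACLS = {"all", "manager", "localhost", "to_localhost"}
# Directives of the form "<directive> <action> [!]aclname ...".
ACL_LIST_DIRECTIVES = {"http_access", "ssl_bump"}

def lint_acl_rules(conf_text):
    """Return (line_no, problem, detail) tuples for two ordering mistakes."""
    defined = set(BUILTIN_ACLS)
    catch_all_line = None  # first http_access rule whose only condition is "all"
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(tokens) < 2:
            continue
        if tokens[0] == "acl":
            defined.add(tokens[1])
            continue
        if tokens[0] not in ACL_LIST_DIRECTIVES:
            continue
        # Squid reads the file top-down: an ACL must be defined before use.
        for name in (t.lstrip("!") for t in tokens[2:]):  # tokens[1] is the action
            if name not in defined:
                findings.append((line_no, "undefined-acl", name))
        # http_access stops at the first matching rule, so nothing after a
        # rule whose only condition is "all" is ever evaluated.
        if tokens[0] == "http_access":
            if catch_all_line is not None:
                findings.append((line_no, "unreachable", f"after line {catch_all_line}"))
            elif tokens[2:] == ["all"]:
                catch_all_line = line_no
    return findings
```

On the sample, `lint_acl_rules(SAMPLE_CONF)` reports `SSL_ports` and `block_domain` as used before definition and the final deny rule as unreachable.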