Of course you could always just run your own web-based proxy such as these: https://www.google.com/search?q=web+based+proxies - that would fetch the https site if necessary, and render it as http - but it will rarely be a perfect copy.
I'm sure there are many other ways to do this too... again, what's your real use case here?

On Wed, 23 Jun 2021 at 00:01, Coenraad Loubser <coenr...@wish.org.za> wrote:

> This seems all good and well if you're just proxying traffic to your own
> servers... but if you want to run an actual proxy this doesn't really make
> sense any more.
>
> You can block HTTPS through Squid, and even do some redirection with your
> firewall too - but when it comes to whether it will work, your problem is
> with the browsers - and everyone else on the internet: as a start, you
> might want to read up on
> https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security - and
> browser implementations. The only way to force HTTP, or to redirect to it,
> is to compile and ship your own browsers too - and that would be a terrible
> idea as anyone (on the planet) who found out that you have people using
> such modified browsers, would be able to impersonate the sites they visited
> and steal their credentials, in many cases without them knowing. This is
> the actual problem that HTTPS and HSTS help prevent.
>
> You can install your own certificates and follow
> https://wiki.squid-cache.org/Features/SslBump and then redirect to a
> non-HTTPS page, but even so no up-to-date browser will obey the redirect if
> HSTS is enabled for the site.
>
> If it's caching you want to do, there was a time that you could cache
> almost everything and emulate a 1Gbps connection on a 256kbps ADSL line...
> but that time ended around 2010... we're now in 2021... it is now cheaper
> and easier (esp. if you consider the cost of your time) than ever to just
> build fast connections to the internet than ever before. Get yourself a
> Starlink modem and share the connection - and costs - with your street, if
> you're trying to save on bandwidth. I understand all about wanting to cache
> things and run things offline and not having connectivity...
>
> If you want to cache content the proper way today, you will need to make
> deals with the content providers you're trying to cache, and then set up
> the infrastructure to host their content on your own server, and either get
> them to issue you with SSL Certificates or point their DNS to you... or
> easier, just connect to people who have already done this and already have
> servers in a regional data center near you.
>
> Alternatively, I guess you could mirror or spider some sites, and then
> just host them on your non-HTTPS mirror. Likely against the wishes and
> terms of those sites... but no proxy needed. But if you started messing
> with a proxy and DNS in front of it, it would just break on all browsers
> today.
>
> A better way to do it would be to write a browser addon that modifies the
> URL to a custom url much like
> https://web.archive.org/http://web.archive.org does it by just having the
> whole URL as the actual URL path... but why not just browse the Web Archive
> directly then... bonus, *they run a Non-SSL version of the whole archive*!
> No need to mess with anything.
>
> If it's just a package repository you want to cache... it almost certainly
> still has http support if you dig deeper... but you might want to enable
> whatever hash checking mechanisms it has to save yourself some grey hairs.
>
> Perhaps if you shared your actual use case we could help you come up with
> a better (and more responsible and sustainable) solution?
>
> On Tue, 22 Jun 2021 at 21:32, Arctic5824 <arctic5...@protonmail.com>
> wrote:
>
>> Hello, recently I set up my first squid proxy,
>>
>> I want it when users try to access a website via https, they get
>> redirected to the http version, I tried disabling https by reading the
>> comments in the config, the squid docs, and online forums, but I am unable
>> to figure this out, I also tried blocking port 443 using ufw but it just
>> resulted in users timing out.
>>
>> Please rest assured I understand the security and other risks this
>> brings, thanks.
>> To reiterate as this email is a bit long, I'd like to know how to
>> disallow https and redirect users to http versions of websites when they
>> try to use https
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users@lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
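
Added example (not part of the thread, and not Squid or browser code): a simplified model of the HSTS host list a browser keeps under RFC 6797, showing why a redirect to an http:// URL is rewritten back to https:// before any request leaves the browser. The host names, header value and clock values are constructed, and preload lists and IP-literal hosts are left out.

```python
from urllib.parse import urlsplit, urlunsplit

def parse_hsts(header):
    """Return (max_age, include_subdomains) from a Strict-Transport-Security value."""
    directives = {}
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        directives[name.strip().lower()] = value.strip().strip('"')
    if "max-age" not in directives:
        raise ValueError("max-age is required")
    return int(directives["max-age"]), "includesubdomains" in directives

class HstsStore:
    """Minimal model of a browser's known-HSTS-host list (assumption: times in seconds)."""
    def __init__(self):
        self.hosts = {}  # host -> (expiry_time, include_subdomains)

    def note_header(self, url, header, now):
        parts = urlsplit(url)
        if parts.scheme != "https":      # the header is ignored on plain HTTP responses
            return
        max_age, include_sub = parse_hsts(header)
        if max_age == 0:                 # max-age=0 removes the entry
            self.hosts.pop(parts.hostname, None)
        else:
            self.hosts[parts.hostname] = (now + max_age, include_sub)

    def is_hsts(self, host, now):
        labels = host.lower().split(".")
        for i in range(len(labels)):     # exact host first, then each parent domain
            entry = self.hosts.get(".".join(labels[i:]))
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False

    def effective_url(self, url, now):
        """URL the browser actually requests after the HSTS upgrade step."""
        parts = urlsplit(url)
        if parts.scheme == "http" and self.is_hsts(parts.hostname, now):
            port = "" if parts.port in (None, 80) else f":{parts.port}"
            return urlunsplit(("https", parts.hostname + port, parts.path,
                               parts.query, parts.fragment))
        return url

if __name__ == "__main__":
    store = HstsStore()
    # Constructed sample: header seen on an earlier direct HTTPS visit.
    store.note_header("https://example.org/", "max-age=31536000; includeSubDomains", now=0)
    # A proxy later answers with "Location: http://www.example.org/login".
    print(store.effective_url("http://www.example.org/login", now=60))
```

The entry is created only from a response received over HTTPS, so a host the browser has never visited securely (and that is not preloaded) has no such protection until its first HTTPS visit.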