Enhancement #3432
web filter: ssl bypassed sites can't be blocked
Status: | CLOSED | Start date: | |
---|---|---|---|
Priority: | Normal | Due date: | |
Assignee: | - | % Done: | 100% |
Category: | nethserver-squid | | |
Target version: | v6.8 | | |
Resolution: | | NEEDINFO: | No |
Description
Symptoms and steps to reproduce:
I'd like to block access to windowsupdate.microsoft.com. I add it to the filter blacklist, but I can still open the website.
Some other sites can't be blocked: those contained in /etc/squid/acls/ssl_bypass.acl.
History
#1 Updated by Filippo Carletti over 4 years ago
- Status changed from NEW to TRIAGED
- Assignee set to Filippo Carletti
- % Done changed from 0 to 20
I don't get why sites that don't get intercepted by the ssl proxy can't be blocked. It may be an overlooked feature.
I removed the configuration from squid.conf and I blocked the site.
My fix:
rm -f /etc/e-smith/templates/etc/squid/squid.conf/30http_access_40_ssl
#2 Updated by Filippo Carletti over 4 years ago
Side note: the SSL bump bypass list is useless in a transparent SSL proxy scenario: Squid receives the destination IP address, not the domain name.
To avoid intercepting some https sites, the only option is using the Sites without proxy list.
#3 Updated by Giacomo Sanchietti over 4 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee changed from Filippo Carletti to Giacomo Sanchietti
- % Done changed from 20 to 30
Remove the ssl bypass implementation since it's useless.
#4 Updated by Giacomo Sanchietti over 4 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
#5 Updated by Giacomo Sanchietti over 4 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (Giacomo Sanchietti)
- % Done changed from 60 to 70
In nethserver-testing:
nethserver-squid-1.3.11-1.3.gef85be5.ns6.src.rpm
Test case
- Verify that ssl_bypass acl has been removed
#6 Updated by Davide Principi over 4 years ago
- Assignee set to Davide Principi
#7 Updated by Davide Principi over 4 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (Davide Principi)
- % Done changed from 70 to 90
VERIFIED
grep -F ssl_bypass /etc/squid/squid.conf
Does not match, as expected.
#8 Updated by Giacomo Sanchietti over 4 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
Released:
- nethserver-squid-1.3.12-1.ns6.noarch.rpm