How to configure squid for inspecting https requests and pages

certificate-authorityhttpsman-in-the-middlePROXYsquid

I wish to allow squid to block https requests by full URL regex matching (not just domain) and to block https responses by inspecting page contents.

Is there some step by step guide for how to set that up?

Particularly, in http://wiki.squid-cache.org/Features/SslBump there is no mention of how exactly to create the certificate, and how would I go about adding the CA to computers in my network.

Thanks.

Best Answer

Be very careful how you plan on implementing this. Legal and possibly criminal liability could result, depending on where you are.

You need to create the CA certificate yourself. I found a decent guide on the certificate creation here: http://www.freebsdmadeeasy.com/tutorials/freebsd/create-a-ca-with-openssl.php

After you have created the certificate, and loaded it on the proxy server, you'll need to install it on the workstations. I am going to assume you have Windows running in user-world, so installing them can be done through a GPO. Microsoft has info here: http://technet.microsoft.com/en-us/library/cc770315%28WS.10%29.aspx

Correct way in new versions of nginx

Turn out my first answer to this question was correct at certain time, but it turned into another pitfall - to stay up to date please check Taxing rewrite pitfalls

I have been corrected by many SE users, so the credit goes to them, but more importantly, here is the correct code:

server {
       listen         80;
       server_name    my.domain.com;
       return         301 https://$server_name$request_uri;
}

server {
       listen         443 ssl;
       server_name    my.domain.com;
       # add Strict-Transport-Security to prevent man in the middle attacks
       add_header Strict-Transport-Security "max-age=31536000" always; 

       [....]
}

Squid and https URLs

It looks like the server hosting squid can't resolve the name "www.google.com", to me.

The second line in your access.log sample is telling you that squid isn't sending the request to the parent cache, but rather is attempting a direct connection to "www.google.com" (the DIRECT/- is the tip-off). If you want CONNECT requests to be sent to the parent cache, add the never_direct allow CONNECT directive to your squid.conf file and you'll be in business.

Best Answer

Related Solutions

NGINX Redirect – How to Rewrite All HTTP Requests to HTTPS While Maintaining Sub-Domain

Correct way in new versions of nginx

Squid and https URLs

Related Topic