Re: [ufdbGuard] Fwd: Squid SNI configuration with ufdbguard redirection issue
URL filter to block unwanted content on the internet
Brought to you by:
ufdb
Menu
▾
▴
Re: [ufdbGuard] Fwd: Squid SNI configuration with ufdbguard redirection issue
|
From: Marcus K. <Mar...@ur...> - 2018-10-09 13:46:51
|
blocking HTTPS is non-trivial. The _only_ way to get a human readable message when a site is blocked, is to bump it. Blocking HTTPS without bumping (but splicing) is also possible but then the user will get a message in the browser that may be confusing for the user. You may want to experiment with splicing and using redirect-https noconnect.urlfilterdb.com The message in the browser of the user might improve a little and be something like server unavailable or cannot connect to server Marcus On Tue, Oct 09, 2018 at 12:53:49PM +0530, Krishnadass Kalidoss wrote: > X-Mail-List: ufdbGuard > Hi, > I have configured squid3.5.26 in ssl bump+peek+splice in > squid.conf. > url_rewrite_program /usr/local/bin/ufdbgclient -l /var/log/squid > url_rewrite_children 4 > url_rewrite_extras "%>a/%>A %un %>rm bump_mode=%ssl::bump_mode > sni=\"%ssl::>sni\" referer=\"%{Referer}>h\"" > url_rewrite_access allow all > url_rewrite_bypass off > > In udfbGuard.conf > ufdb-debug-filter 3 > squid-uses-active-bumping on > redirect-bumped-https " > https://blockedhttps.urlfilterdb.com/cgi-bin/URLblocked.cgi?clientgroup=%s&category=%t&url=%u > " > category adv { > domainlist "BL/adv/domains" > option block-bumped-connect off > redirect " > https://blockedhttps.urlfilterdb.com/cgi-bin/URLblocked.cgi?clientgroup=%s&category=%t&url=%u > " > } > In ufdbguardd.log file I can see the redirection to > https://blockedhttps.urlfilterdb.com/cgi-bin/URLblocked.cgi?clientgroup=%s&category=%t&url=%u > but in Browser it does not redirection happen. > when I import Authority certificate in client browser and also > squid.conf I changed to sslbump+peek then the redirection happened > properly. But i want to do with out client side CA imports. Give me any > suggestion please. > _______________________________________________ > ufdbGuard-support mailing list > ufd...@li... > https://lists.sourceforge.net/lists/listinfo/ufdbguard-support |
