1
18.1 Legacy Series / Web Proxy - Inconsistent filtering and protocol mismatch
« on: April 16, 2018, 10:24:32 am »
Hello all,
We would like to use a transparent Web proxy in order to block visitors from accessing undesirable Websites.
Here are some of the issues we are encountering:
* Websites that match one of the filtered category seem to be blocked. I.e.: www.ubs.com cannot be accessed even though the “bank” category is not blacklisted.
* When trying to access via HTTPS a Website that matches a filtered category that isn’t white-listed, we receive an SSL error on the browser. A network capture shows Squid responding with an Access Denied message in plain-text HTTP, and not HTTPS.
The error that is reoccurring in the access logs is TCP_Denied, but we can’t tell specifically what ACL we are hitting.
We are able to access some HTTPS Websites, it’s only when the access is denied that we receive a response in HTTP, and we also cannot tell why it’s being denied.
Other websites that don’t work: www.youtube.com, ch.archive.ubuntu.com
What are your suggestions?
We would like to use a transparent Web proxy in order to block visitors from accessing undesirable Websites.
Here are some of the issues we are encountering:
* Websites that match one of the filtered category seem to be blocked. I.e.: www.ubs.com cannot be accessed even though the “bank” category is not blacklisted.
* When trying to access via HTTPS a Website that matches a filtered category that isn’t white-listed, we receive an SSL error on the browser. A network capture shows Squid responding with an Access Denied message in plain-text HTTP, and not HTTPS.
The error that is reoccurring in the access logs is TCP_Denied, but we can’t tell specifically what ACL we are hitting.
We are able to access some HTTPS Websites, it’s only when the access is denied that we receive a response in HTTP, and we also cannot tell why it’s being denied.
Other websites that don’t work: www.youtube.com, ch.archive.ubuntu.com
What are your suggestions?