Question about Squid Web Proxy

Started by bryanjones, January 05, 2026, 08:31:26 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 05, 2026, 08:31:26 AM
Hello,
Can the Squid web proxy be configured to filter URLs without requiring a certificate installation on client devices?

I've successfully set it up with a manually imported certificate, but I'm curious if Squid can perform URL filtering like some commercial firewalls do, without needing to install a certificate on the endpoints.

Thanks in advance!
January 05, 2026, 09:17:49 AM #1
With explicit proxy configuration on the client, yes. Transparently, no.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
January 05, 2026, 09:28:42 AM #2
@bryanjones: No firewall can do that, unless you configure the client to use a specific proxy. If they claim that they can, they are selling snake oil. The best they could do is to do DNS-based filtering, which is limited to the host part of the URL.

The very principle of traffic introspection relies on breaking up the encrypted traffic, thus presenting a fake certificate to the client which it must trust. If you cannot make all of your clients do that, you are out of luck.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
Print
Go Up Pages1
User actions