Comments on Filtering HTTPS Traffic With Squid

Filtering HTTPS Traffic With Squid This article will tell you how to compile, setup and configure Squid proxy capable of filtering encrypted HTTPS connections using Diladele Web Safety ICAP content filtering server. Being able to look into HTTPS contents greatly increases your ability to control what is allowed and accepted within your network while keeping inappropriate contents away.

16 Comment(s)

Add comment

Please register in our forum first to comment.

Comments

By: Ark74
Reply  

Hi!,

I'd like to say that you did a great work on this tutorial, pretty bleeding edge stuff, with squid3 and the ICAP server. :)

Very interesting, thanks.

By: Ark74
Reply  

I started wondering, will this set up work as a transparent proxy too?

 Or does it requiere heavy configuration to make it transparent?

By: Anonymous
Reply  

Thanks for posting this. I've been working on filtering my wifi for children using tablets.

I couldn't get the items before "Install Diladele Web Safety" working. I just downloaded directly from Squid and compiled using their directions for Debian/Ubuntu using:


configure options:  '--enable-ssl-crtd' '--enable-ssl' '--prefix=/usr' '--localstatedir=/var' '--libexecdir=/usr/lib/squid3' '--srcdir=.' '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3' '--with-default-user=proxy' '--with-logdir=/var/log' '--with-pidfile=/var/run/squid3.pid' '--enable-icap-client'

I also had to disable adult keyword filtering to even reply to this blog, so I guess I'll see how good that filtering is.

 

By: Dmitriy
Reply  

Thanks for article!

 

Please add link to  squid.conf.patch https://raw.github.com/ra-at-diladele-com/qlproxy_external/master/https_squid_compile/squid.conf.patch

By: Dessoy
Reply  

Thank you!

By: Ark74
Reply  

I have a big question.

Does the SSL content is cached using  SSL Bumping? I mean can the content be cached if passed through a secure connection.

Thanks.

By: wrx006
Reply  

 

 This article was simply copied and pasted verbatim from the quintolabs.com support page (https://github.com/ra-at-diladele-com/qlproxy_external/wiki/Administrators-Guide). If you browse the quintolabs docs, they detail the process for setting this up as a transparent proxy and many other configurations.

By: Gabriel
Reply  

Hello,

I get the following error, with mention that i use ubuntu 14.04.3

 

Environment:

 

 

Request Method: GET

Request URL: http://192.168.0.1/accounts/login/

 

Django Version: 1.5

Python Version: 2.7.6

Installed Applications:

('django.contrib.admin',

 'django.contrib.auth',

 'django.contrib.contenttypes',

 'django.contrib.sessions',

 'django.contrib.messages',

 'django.contrib.staticfiles',

 'diladele',

 'qlproxy',

 'squid',

 'report',

 'monitor',

 'www')

Installed Middleware:

('django.contrib.sessions.middleware.SessionMiddleware',

 'django.middleware.common.CommonMiddleware',

 'django.middleware.csrf.CsrfViewMiddleware',

 'django.contrib.auth.middleware.AuthenticationMiddleware',

 'django.contrib.messages.middleware.MessageMiddleware',

 'django.middleware.clickjacking.XFrameOptionsMiddleware',

 'console.middleware.LoginRequiredMiddleware')

 

 

Traceback:

File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py" in get_response

  103.                     resolver_match = resolver.resolve(request.path_info)

File "/usr/local/lib/python2.7/dist-packages/django/core/urlresolvers.py" in resolve

  319.             for pattern in self.url_patterns:

File "/usr/local/lib/python2.7/dist-packages/django/core/urlresolvers.py" in url_patterns

  347.         patterns = getattr(self.urlconf_module, "urlpatterns", self.urlconf_module)

File "/usr/local/lib/python2.7/dist-packages/django/core/urlresolvers.py" in urlconf_module

  342.             self._urlconf_module = import_module(self.urlconf_name)

File "/usr/local/lib/python2.7/dist-packages/django/utils/importlib.py" in import_module

  35.     __import__(name)

File "/opt/qlproxy/var/console/console/urls.py" in <module>

  11.     url(r'^diladele/', include('www.urls')),    

File "/usr/local/lib/python2.7/dist-packages/django/conf/urls/__init__.py" in include

  25.         urlconf_module = import_module(urlconf_module)

File "/usr/local/lib/python2.7/dist-packages/django/utils/importlib.py" in import_module

  35.     __import__(name)

File "/opt/qlproxy/var/console/www/urls.py" in <module>

  8. from www import views

File "/opt/qlproxy/var/console/www/views.py" in <module>

  20. from django.contrib.messages.views import SuccessMessageMixin

 

Exception Type: ImportError at /accounts/login/

Exception Value: No module named views

 

By: Justin
Reply  

The archive with the patches is no longer available, can you please provide another link?

By: dongwon
Reply  

Here you are.

https://docs.diladele.com/administrator_guide_4_0/system_configuration/https_filtering/recompile_squid.html

By: hackensolo
Reply  

for debian : http://packages.diladele.com/qlproxy/4.8.0.935B/amd64/release/debian8/qlproxy-4.8.0.935B_amd64.deb

By: hackensolo
Reply  

When I launch /usr/sbin/squid3 -k parse on Debian 8 :

FATAL: Unable to find configuration file: /opt/qlproxy/etc/squid/squid.acl: (2) No such file or directory

By: ali dashti
Reply  

 hi there,

great tutorial and many thanks! however, the archive link is broken. can you help?

Ali

By: Beca
Reply  

Is this free software solution or not?

By: Abobo
Reply  

Author you joke? What about that Web Filter is a trial stuff!

All your post about nothing.

 

By: till
Reply  

The software was available for free and not a trial at the time the tutorial was written in 2013.