squid ubuntu 9.10 and block https

A stock Ubuntu desktop install is not set up to act as a server, and it is not set up for Squid either, so a few settings need to change. One of them is IP forwarding, so that clients can pass through the Ubuntu machine to reach the internet.
We only need to change the value in /proc/sys/net/ipv4/ip_forward to 1. But sometimes Ubuntu does not keep the change, so we put it in rc.local to set the value again each time Ubuntu restarts.

#sudo nano /etc/rc.local
echo 1 > /proc/sys/net/ipv4/ip_forward
#iptables-restore

Then activate Squid. We can use the standard Squid port. The important part is using iptables to redirect all standard ports to the Squid port, so that everything goes through Squid as a proxy. We can then put a filter inside Squid to filter the content.
Redirect port 80, which is the standard port for browsing.

#sudo iptables -t nat -A PREROUTING -p tcp -m tcp -i eth0 --dport 80 -j REDIRECT --to-port 3128

Redirect port 443, the port for HTTPS. But this technique is not perfect: Squid cannot filter port 443.

#sudo iptables -t nat -A PREROUTING -p tcp -m tcp -i eth0 --dport 443 -j REDIRECT --to-port 3128

This way Squid blocks the HTTPS port. It blocks everything that uses port 443, such as web-based email and logins to some social networks.
What I want is just to filter some content that comes through port 443.
I am still looking for another method to filter port 443.
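
The following check is an added example, not part of the original post: it reads an iptables-save dump and marks any nat PREROUTING rule that redirects port 443 to the Squid port, which is the rule that blocks all HTTPS as described above. The SQUID_PORT variable, the function names and the sample dump are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit REDIRECT rules that send traffic to the Squid port.
SQUID_PORT=3128   # assumed: the standard Squid port used in the post

# Constructed sample in iptables-save format (not captured from a real host).
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3128
COMMIT
*filter
:INPUT ACCEPT [0:0]
COMMIT'

# Reads iptables-save output on stdin. For every nat PREROUTING rule that
# redirects to SQUID_PORT, prints "<verdict> <rule>", where the verdict is
# BREAKS_HTTPS if port 443 is among the matched ports, otherwise OK.
# Handles --dport and comma-separated --dports lists, not port ranges.
audit_redirects() {
    awk -v squid="$SQUID_PORT" '
        /^\*/ { table = substr($1, 2); next }     # "*nat", "*filter", ...
        table != "nat" || $1 != "-A" || $2 != "PREROUTING" { next }
        {
            ports = ""; to = ""; jump = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
                else if ($i == "--to-ports") to = $(i + 1)
                else if ($i == "-j") jump = $(i + 1)
            }
            if (jump != "REDIRECT" || to != squid) next
            verdict = "OK"
            n = split(ports, p, ",")
            for (k = 1; k <= n; k++) if (p[k] == "443") verdict = "BREAKS_HTTPS"
            print verdict, $0
        }'
}

# Prints the iptables command that deletes each offending rule.
removal_commands() {
    audit_redirects | sed -n 's/^BREAKS_HTTPS -A /iptables -t nat -D /p'
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_DUMP" | audit_redirects
```

On a live gateway, pipe `sudo iptables-save` into `audit_redirects` instead of the sample, and review the output of `removal_commands` before running any line of it.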
