
I am trying to get Squid Proxy (v3.5) operating in transparent mode for HTTP as well as HTTPS. I need to have filtering enabled on this as well.

Now, both HTTP and HTTPS work and HTTP filtering works. However, the HTTPS filter does not seem to have any effect - all sites are allowed through.

Here's my config.

squid.conf

visible_hostname squid

# Handling HTTP requests
http_port 3129 intercept
acl allowed_http_sites dstdomain .bbc.com
http_access allow allowed_http_sites

# Handling HTTPS requests
https_port 3130 cert=/etc/squid/ssl/squid.pem ssl-bump intercept
acl SSL_port port 443
http_access allow SSL_port
acl allowed_https_sites ssl::server_name .bbc.com
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_step SslBump3
ssl_bump peek step1 all
ssl_bump peek step2 allowed_https_sites
ssl_bump splice step3 allowed_https_sites
ssl_bump terminate step3 all

http_access deny all

iptables

*nat
:PREROUTING ACCEPT [9:588]
:INPUT ACCEPT [3:228]
:OUTPUT ACCEPT [68:4947]
:POSTROUTING ACCEPT [68:4947]
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3130
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3129
COMMIT

From the above, only *.bbc.com sites should be able to get through, which is the case with HTTP. I cannot see anything wrong for HTTPS, so why are all sites allowed through instead of just *.bbc.com?

1 Answer

Change the line ssl_bump terminate step3 all to ssl_bump terminate all and you'll be good.
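To see why the original rule set lets non-bbc.com hosts through, here is an added model (not Squid's code, not from the question or answer) of Squid's first-match ssl_bump evaluation across the three SslBump steps. It assumes that when no ssl_bump rule matches at a step, Squid falls back to splicing the connection as a plain TCP tunnel; the acl names mirror the question's config.

```python
"""Model of Squid 3.5 ssl_bump first-match evaluation per SslBump step.

Added illustration, not Squid code. Assumption: when no ssl_bump rule
matches at a step, Squid splices (TCP tunnel without decryption), which
is what lets every non-bbc.com site through in the original config.
"""

ALLOWED = (".bbc.com",)  # suffix used by 'acl allowed_https_sites ssl::server_name'


def acl_server_name(sni: str) -> bool:
    # ssl::server_name .bbc.com matches bbc.com and any subdomain of it
    return any(sni == suf.lstrip(".") or sni.endswith(suf) for suf in ALLOWED)


# (action, step the rule is restricted to or None, acl or None for 'all')
ORIGINAL = [
    ("peek", 1, None),                 # ssl_bump peek step1 all
    ("peek", 2, acl_server_name),      # ssl_bump peek step2 allowed_https_sites
    ("splice", 3, acl_server_name),    # ssl_bump splice step3 allowed_https_sites
    ("terminate", 3, None),            # ssl_bump terminate step3 all
]
# The answer's change: terminate is no longer restricted to step3
FIXED = ORIGINAL[:3] + [("terminate", None, None)]


def decide(rules, step, sni):
    """Return the first rule action matching this step, else the default."""
    for action, rule_step, acl in rules:
        if rule_step is not None and rule_step != step:
            continue
        if acl is not None and not acl(sni):
            continue
        return action
    return "splice"  # assumed Squid default when nothing matches


def outcome(rules, sni):
    """Walk steps 1..3 for one connection and return its final action."""
    step = 1
    while True:
        action = decide(rules, step, sni)
        # peek defers the decision to the next step; anything else is final
        if action != "peek" or step == 3:
            return action
        step += 1


if __name__ == "__main__":
    for host in ("www.bbc.com", "example.org"):
        print(host, "original:", outcome(ORIGINAL, host), "fixed:", outcome(FIXED, host))
```

With the original rules a non-allowed host reaches step 2 where no rule is applicable (both remaining rules are bound to step3), so the default splice applies; the unrestricted terminate catches it there.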
