{"id":17417,"date":"2023-07-07T06:59:29","date_gmt":"2023-07-07T06:59:29","guid":{"rendered":"https:\/\/webhostinggeeks.com\/howto\/?p=17417"},"modified":"2023-07-06T07:07:38","modified_gmt":"2023-07-06T07:07:38","slug":"how-to-configure-squid-proxy-server-for-https-filtering","status":"publish","type":"post","link":"https:\/\/webhostinggeeks.com\/howto\/how-to-configure-squid-proxy-server-for-https-filtering\/","title":{"rendered":"How to Configure Squid Proxy Server for HTTPS Filtering"},"content":{"rendered":"

\"How<\/p>\n

As more and more data is transmitted over the internet, the need for secure connections has never been greater. One way to achieve this is through HTTPS filtering. HTTPS filtering allows you to inspect, monitor, and filter secure web traffic to enhance security and control.<\/p>\n

One tool that can help you achieve this is the Squid Proxy Server. Squid is a powerful and flexible proxy server that can be used to improve network performance by caching frequently accessed web content, reducing bandwidth usage, and speeding up response times. But beyond these, Squid also offers features for web traffic filtering, including HTTPS filtering.<\/p>\n

In this tutorial, we will guide you through the process of configuring Squid Proxy Server for HTTPS filtering on CentOS. This will allow you to monitor and control secure web traffic, enhancing your network’s security and performance.<\/p>\n

Before we proceed, it’s important to note that you should have Squid Proxy Server installed on your CentOS system. If you haven’t done so yet, you can refer to our previous tutorial on how to install and set up Squid Proxy Server<\/a>.<\/p>\n

Step 1: Enable SSL Bumping<\/h2>\n

The first step in configuring Squid for HTTPS filtering is to enable SSL Bumping. SSL Bumping is a feature in Squid that allows it to peek into the SSL traffic, enabling it to block or allow specific websites based on your rules.<\/p>\n

To enable SSL Bumping, open the Squid configuration file:<\/p>\n

vi \/etc\/squid\/squid.conf\r\n<\/pre>\n
Then, add the following lines to the configuration file:<\/p>\n
http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=\/etc\/squid\/ssl_cert\/myCA.pem\r\nssl_bump peek all\r\nssl_bump bump all\r\n<\/pre>\n
This will enable SSL Bump on port 3128 with the certificate located at \/etc\/squid\/ssl_cert\/myCA.pem.<\/p>\n
Step 2: Create SSL Certificate<\/h2>\n
Next, you need to create an SSL certificate that Squid will use for SSL Bumping. To do this, first, create a directory for the SSL certificate:<\/p>\n
mkdir \/etc\/squid\/ssl_cert\r\n<\/pre>\n
Then, navigate to the newly created directory:<\/p>\n
cd \/etc\/squid\/ssl_cert\r\n<\/pre>\n
Now, generate the SSL certificate:<\/p>\n
openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout myCA.pem -out myCA.pem\r\n<\/pre>\n
This will create a new SSL certificate named myCA.pem that will be valid for 365 days.<\/p>\n
Step 3: Configure Squid for HTTPS Filtering<\/h2>\n
Now that you have enabled SSL Bumping and created an SSL certificate, you can configure Squid for HTTPS filtering. To do this, open the Squid configuration file:<\/p>\n
vi \/etc\/squid\/squid.conf\r\n<\/pre>\n
Then, add the following lines to the configuration file:<\/p>\n
acl SSL_ports port 443\r\nacl CONNECT method CONNECT\r\nhttp_access deny CONNECT !SSL_ports\r\nhttp_access allow localhost manager\r\nhttp_access deny manager\r\nhttp_access allow localnet\r\nhttp_access allow localhost\r\nhttp_access deny all\r\n<\/pre>\n
These lines will configure Squid to filter HTTPS traffic. The ‘acl SSL_ports port 443’ line defines the SSL ports, the ‘acl CONNECT method CONNECT’ line defines the CONNECT method used for SSL connections, and the ‘http_access deny CONNECT !SSL_ports’ line denies any CONNECT requests that are not to SSL ports.<\/p>\n
Step 4: Restart Squid<\/h2>\n
After making these changes, you need to restart Squid for the changes to take effect. You can do this with the following command:<\/p>\n
systemctl restart squid\r\n<\/pre>\n
Step 5: Configure Your Browser to Use Squid<\/h2>\n
Once you’ve set up your Squid proxy server, the next step is to configure your web browser to use it. This process varies depending on the browser you are using. Here are the steps for some of the most popular web browsers:<\/p>\n
Google Chrome<\/h3>\n
    \n
  1. Open Google Chrome and click on the three-dot menu in the top-right corner.<\/li>\n
  2. Go to “Settings” and scroll down to the bottom of the page.<\/li>\n
  3. Click on “Advanced” to expand the advanced settings.<\/li>\n
  4. Under the “System” section, click on “Open your computer\u2019s proxy settings”.<\/li>\n
  5. In the “Proxy settings” window, under “Manual proxy setup”, turn on “Use a proxy server”.<\/li>\n
  6. Enter the IP address of your Squid server in the “Address” field and the port number (usually 3128) in the “Port” field.<\/li>\n
  7. Click “Save” to apply the changes.<\/li>\n<\/ol>\n
    Mozilla Firefox<\/h3>\n
      \n
    1. Open Firefox and click on the three-line menu in the top-right corner.<\/li>\n
    2. Go to “Options” and scroll down to the “Network Settings” section.<\/li>\n
    3. Click on “Settings” to open the “Connection Settings” window.<\/li>\n
    4. Select “Manual proxy configuration”.<\/li>\n
    5. Enter the IP address of your Squid server in the “HTTP Proxy” field and the port number in the “Port” field.<\/li>\n
    6. Check the box that says “Use this proxy server for all protocols”.<\/li>\n
    7. Click “OK” to apply the changes.<\/li>\n<\/ol>\n
      Safari<\/h3>\n
        \n
      1. Open Safari and click on “Safari” in the menu bar, then select “Preferences”.<\/li>\n
      2. Go to the “Advanced” tab and click on “Change Settings” next to “Proxies”.<\/li>\n
      3. In the “Proxies” window, check the box for “Web Proxy (HTTP)”.<\/li>\n
      4. Enter the IP address of your Squid server in the “Web Proxy Server” field and the port number in the field next to it.<\/li>\n
      5. Click “OK” and then “Apply” to save the changes.<\/li>\n<\/ol>\n
        Microsoft Edge<\/h3>\n
          \n
        1. Open Microsoft Edge and click on the three-dot menu in the top-right corner.<\/li>\n
        2. Go to “Settings” and select “System” on the left side.<\/li>\n
        3. Under “System”, click on “Open your computer\u2019s proxy settings”.<\/li>\n
        4. In the “Proxy settings” window, under “Manual proxy setup”, turn on “Use a proxy server”.<\/li>\n
        5. Enter the IP address of your Squid server in the “Address” field and the port number (usually 3128) in the “Port” field.<\/li>\n
        6. Click “Save” to apply the changes.<\/li>\n<\/ol>\n
          Commands Mentioned:<\/h2>\n