Posted on 2010-01-03
Last Modified: 2012-05-08
Hey Guys,

I am using IPCop, a Linux-based firewall like m0n0wall and Smoothwall, for my firewall, with various addons like Advanced Proxy, Block Out Traffic and URL Filter.

URL filter works using the advanced proxy.
I am able to block domains and URLs and redirect users to where I want if they go to a restricted site.

Ports 80 and 443 are open.

It's a Windows 2003 server environment. I have disabled all browsers except IE and entered the proxy settings in the GPO.

Here is what I am trying to do now:
1) Block certain domains for http and https access. Currently only http sites are being blocked while using transparent proxy; https is open. When I disable transparent proxy and enter the proxy setting in the browser, http works like before but https completely stops working. I get a message, "you are not authorized to view this page".

So I would like to block "certain" domains for https and http access both.

2) These addons allow me to enter a list of IPs if I want them to be unfiltered. That makes that IP completely free of the block list (access to everything). But I want to instate another list for those unfiltered IPs.

According to what I found on Google and IPCop's forum, this is possible using ACL entries with Squid. I am not familiar with Squid ACLs, so I would like someone to help.

These are the two links I found:
Question by: Shivtek

    Accepted Solution

    https & proxies are problematic.
    Basically you cannot see what goes through the pipeline (otherwise a man-in-the-middle attack on https would be too easy...).

    https is encrypted from front (browser) to end (webserver/SSL frontend to webserver).

    You can effectively only block on IP address... but not on hostname, as the hostname is only sent AFTER the SSL tunnel has been established, as part of the HTTP request header.
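
Added example, not part of the original thread and not IPCop's generated configuration: a Squid ACL fragment for the two goals in the question, for the case where browsers use an explicitly configured proxy (as with the GPO setting described). In that mode an https request reaches Squid as `CONNECT host:443`, so `dstdomain` can match the hostname without decrypting anything; with transparent interception Squid receives no CONNECT line. All ACL names, domains and addresses below are constructed placeholders.

```conf
# squid.conf fragment (added example; ACL names, domains and addresses
# are placeholders, not values from the thread)

# LAN clients allowed to use the proxy at all.
acl localnet src 192.168.1.0/24

# Clients that bypass the general block list (point 2 of the question).
acl unfiltered_clients src 192.168.1.10 192.168.1.11

# General block list, applied to every other client.
# A leading dot matches the domain and all of its subdomains.
acl blocked_domains dstdomain .blocked.example .social.example

# Second, shorter block list that still applies to the unfiltered clients.
acl unfiltered_blocked dstdomain .always-blocked.example

# Tunnel hygiene: CONNECT is only permitted to port 443.
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports

# http_access lines are evaluated top to bottom; the first match wins.
# dstdomain is compared with the URL host for http:// requests and with
# the host in "CONNECT host:443" for https:// requests, so one list
# covers both schemes.
http_access deny unfiltered_clients unfiltered_blocked
http_access allow unfiltered_clients
http_access deny blocked_domains
http_access allow localnet
http_access deny all
```

Because only the CONNECT line is inspected, a blocked https site shows the browser's generic proxy error rather than the custom redirect page used for http.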
