Configure Squid proxy for SSL/TLS inspection (HTTPS interception)

Squid proxy

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more.

Squid can be configured to make SSL/TLS inspection (aka HTTPS interception) so the proxy can decrypt proxied traffic (Squid calls this feature ssl bump).

Afaik the Squid package included in the Linux distros is not compiled with SSL/TLS inspection support but the good news is that diladele (its github repo and Websafety documentation are useful resources) provides packages for Ubuntu and Centos, recompiled (you can do by yourself) with support for HTTPS filtering and SSL/TLS inspection. This means that we have just to configure Squid. Not an easy task anyway ūüôā

I provide to you a working config, follow next steps.

Continue reading “Configure Squid proxy for SSL/TLS inspection (HTTPS interception)”

Block Flash content on Squid proxy

No more flash
No more flash

One of the trending topic I discuss regularly with my company IT department is the need to block Flash content on our navigation proxies.

As a Security people I have no doubt about, Flash must be blocked. Period.

Because I manage some¬†Squid proxy I made this simple and effective configuration in squid.conf¬† file. Continue reading “Block Flash content on Squid proxy”