Merge branch 'feature/KASM-2637-web-filter-blocks-access-to-https-sites-not-on-443' into 'develop'

KASM-2637 Removed rules blocking non 443 CONNECT command Closes KASM-2637 See merge request kasm-technologies/internal/workspaces-core-images!61
2024-11-22 15:33:08 +01:00 · 2022-05-16 19:27:17 +00:00 · 2022-05-16 19:27:17 +00:00 · 156ada9b1f
commit 156ada9b1f
parent c288c7d6f1 e2fa2a8b3e
1 changed files with 4 additions and 2 deletions
--- a/src/ubuntu/install/squid/resources/squid.conf
+++ b/src/ubuntu/install/squid/resources/squid.conf
@ -16,7 +16,6 @@ ssl_bump splice ssl_bypass_domains
 ssl_bump splice ssl_bypass_ips
 ssl_bump bump all

-acl SSL_ports port 443
 acl CONNECT method CONNECT

 # The following two lines are an example of how we can leaverage squid to block ports, there can be as 
@ -24,7 +23,10 @@ acl CONNECT method CONNECT
 #acl Safe_ports port 443         # https
 #http_access deny !Safe_ports

-http_access deny CONNECT !SSL_ports
+# Users need to connect to non 443 ports for https traffic. We comment out the standard deny here.
+#acl SSL_ports port 443
+#http_access deny CONNECT !SSL_ports
+
 http_access allow localhost manager
 http_access deny manager
 http_access allow localhost