Re: [squid-users] HTTPS proxy

From: Alex Rousskov <rousskov@dont-contact.us>
Date: Tue, 26 Feb 2008 21:37:42 -0700

On Tue, 2008-02-19 at 15:38 -0300, Marcus Kool wrote:
>
> Matus UHLAR - fantomas wrote:
> > On 17.02.08 18:10, Sam Przyswa wrote:
> >> We use Squid and SquidGuard to control webmail access, that works fine,
> >> but for those who use the HTTPS protocol Squid/SquidGuard doesn't operate.
> >> Is there a way to control HTTPS as well as HTTP traffic?
> >
> > no. the HTTPS traffic consists of CONNECT requests where the proxy has no
> > idea what URLs are being retrieved and what requests (GET/POST/...) pass
> > through it - that is the 's'="secure" in the https.
>
> False. If https traffic goes via Squid, the URL can go to a redirector and
> filter based on either
> a) domain name
> b) connect to the site and verify valid certificate
>
> ufdbGuard does this and successfully blocks SSH tunnels over HTTPS.

There is also the SSL Bump feature in Squid3 that allows decrypting
HTTPS on-the-fly for detailed inspection, usually with user consent:
http://wiki.squid-cache.org/Features/SslBump

HTH,

Alex.
Received on Tue Feb 26 2008 - 21:37:53 MST
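
Added example, not part of the original thread and not Squid's or ufdbGuard's code: a sketch of option (a) above, deciding on a CONNECT request by domain name when only host:port is visible to the proxy. The input line layout (URL, client/fqdn, ident, method), the policy sets and the function names are assumptions made for illustration.

```python
# Assumption: each redirector input line is "URL client_ip/fqdn ident method",
# and for CONNECT the URL field is just "host:port" (no path is visible).
BLOCKED_DOMAINS = {"webmail.example", "mail.example.org"}  # constructed policy
ALLOWED_CONNECT_PORTS = {443}  # constructed policy


def split_host_port(target):
    """Split 'host:port' or '[v6]:port'; return (host, port) or None."""
    host, sep, port = target.rpartition(":")
    if not sep or not port.isdigit():
        return None
    host = host.strip("[]").rstrip(".").lower()
    return (host, int(port)) if host else None


def domain_blocked(host, blocked=BLOCKED_DOMAINS):
    """True if host is a blocked domain or a subdomain of one."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def decide(line):
    """Return 'allow' or 'block' for one redirector input line."""
    fields = line.split()
    if len(fields) < 4:
        return "block"  # fail closed on lines that cannot be parsed
    url, method = fields[0], fields[3]
    if method != "CONNECT":
        return "allow"  # plain HTTP is left to the existing URL filter
    parsed = split_host_port(url)
    if parsed is None:
        return "block"
    host, port = parsed
    if port not in ALLOWED_CONNECT_PORTS or domain_blocked(host):
        return "block"
    return "allow"


# Constructed sample lines, not taken from a real proxy.
SAMPLES = [
    "www.example.com:443 192.0.2.10/- - CONNECT",
    "login.webmail.example:443 192.0.2.11/- - CONNECT",
    "host.example.net:22 192.0.2.12/- - CONNECT",
    "http://webmail.example/inbox 192.0.2.13/- - GET",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(decide(sample), sample)
```

The domain match is on whole labels, so a lookalike such as notwebmail.example is not caught by the webmail.example entry.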
