Re: Squid and HTTPS interception on CentOS 7 ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

Am 05.03.2018 um 13:04 schrieb Nicolas Kovacs <info@xxxxxxxxxxxxx>:
> 
> Le 28/02/2018 à 22:23, Nicolas Kovacs a écrit :
>> So far, I've only been able to filter HTTP.
>> 
>> Do any of you do transparent HTTPS filtering ? Any suggestions,
>> advice, caveats, do's and don'ts ?
> 
> After a week of trial and error, transparent HTTPS filtering works
> perfectly. I wrote a detailed blog article about it.
> 
> https://blog.microlinux.fr/squid-https-centos/


I wonder if this works with all https enabled sites? Chrome has 
capabilities hardcoded to check google certificates. Certificate 
Transparency, HTTP Public Key Pinning, CAA DNS are also supporting
the end node to identify MITM. I hope that such setup will be unpractical    
in the near future. 

About your legal requirements; Weighing is what courts daily do. So, 
such requirements are not asking you to destroy the integrity and 
confidentiality >95% of users activity. Blocking Routing, DNS, IPs, 
Ports are the way to go. 

--
LF


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]

  Powered by Linux