Re: Squid and HTTPS interception on CentOS 7 ?

On 03/05/18 07:23, Leon Fauster wrote:
> On 05.03.2018 at 13:04, Nicolas Kovacs <info@xxxxxxxxxxxxx> wrote:
>
>> On 28/02/2018 at 22:23, Nicolas Kovacs wrote:
>>> So far, I've only been able to filter HTTP.
>>>
>>> Do any of you do transparent HTTPS filtering? Any suggestions,
>>> advice, caveats, do's and don'ts?
>>
>> After a week of trial and error, transparent HTTPS filtering works
>> perfectly. I wrote a detailed blog article about it.
>>
>> https://blog.microlinux.fr/squid-https-centos/
>
>
> I wonder if this works with all HTTPS-enabled sites? Chrome has
> capabilities hardcoded to check Google certificates.

Google, huh ;-( see below...

> Certificate
> Transparency, HTTP Public Key Pinning, CAA DNS are also supporting
> the end node to identify MITM. I hope that such a setup will be impractical
> in the near future.
>
> About your legal requirements: weighing is what courts do daily. So
> such requirements are not asking you to destroy the integrity and
> confidentiality of >95% of users' activity. Blocking routing, DNS, IPs,
> ports is the way to go.

I would add avoiding Google and all Google products by all means to the above list ;-)

Valeri

>
> --
> LF
>
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos


--
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++