On Sun, 2007-02-11 at 14:45 -0300, Leonardo Rodrigues Magalhães wrote:
> Never used l7 for doing that kind of filtering, don't know if it's
> possible.
>
> Anyway, if you need some hard filtering based on URLs, both http and
> https, I would recommend that you use an http/https proxy, just like
> squid, for doing that.
>
> Completely block https (TCP/443) traffic with iptables and get your
> clients to use an http/https proxy and do the filtering there. I'm
> pretty convinced it will be easier and you'll have a lot more
> flexibility on the rules. Squid's ACLs are pretty flexible, you should
> give it a try.

Does it work in transparent mode (I mean for https)?
I just can't tell all clients to use squid by phone, https filtering must be hidden for them. As far as I know the latest squid supports totally transparent mode, is that working for https also?

Thanks,
Alexc.

>
> vects wrote:
> > Hi,
> >
> > I'm looking for a solution to the following problem: I have to enable/disable
> > access to a list of https web servers, I don't know their IPs in
> > advance, the permit rule must be based on the URL the user typed in the location bar.
> >
> > Is it possible to do that with iptables and extensions?
> > I thought about l7 filter.