On Thu, 31 Mar 2005 00:26:06 +0200 (CEST), Henrik Nordstrom <hno@xxxxxxxxxxxxxxx> wrote:
> On Wed, 30 Mar 2005, Henrik Østerlund Gram wrote:
>
> > As I understand from the FAQ and some old mails from 2000 in the
> > archive, filtering https urls or content is not supported -
>
> Correct, you can only filter https by destination server name, not
> complete URL.
>
> > and that is so primarily for political reasons.
>
> No, purely technical reasons. The URL is encrypted by SSL and not visible
> to the proxy. All the proxy sees is a bidirectional stream of random data.

I realize that, but I also realize that there are a number of
(commercial) products available that accomplish this. It should be
possible to simply act as an SSL server yourself and while the
certificates would be different (the proxy's) seen from the actual
client and server's perspective, at least it could work.

The alternatives for any company wanting some security are either to
disable https entirely or to find a way to inspect and filter the data. I
think you would find most wanting to still support https while not
exposing themselves needlessly.

Regards

Henrik Gram
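
The limitation described in this thread, as an added example that is not part of the original messages and is not Squid's code: a forward proxy receives a full URL for plain HTTP but only `host:port` in the `CONNECT` line that opens an HTTPS tunnel, so path rules cannot be evaluated for HTTPS. The function names, policy sets and domains below are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed policy (assumption): one blocked domain, one blocked URL path.
BLOCKED_DOMAINS = {"blocked.example"}
BLOCKED_PATH_PREFIXES = {("intranet.example", "/admin")}


def visible_fields(request_line):
    """Return the fields a forward proxy can read from a request's first line."""
    method, target, _version = request_line.split(" ", 2)
    if method.upper() == "CONNECT":
        # HTTPS through a proxy: the target is "host:port" only.
        # Path and query travel inside the encrypted tunnel.
        host, _, port = target.rpartition(":")
        if not host or not port.isdigit():
            raise ValueError("CONNECT target must be host:port")
        return {"host": host.strip("[]").lower(), "port": int(port), "path": None}
    # Plain HTTP through a proxy: the target is an absolute URL.
    url = urlsplit(target)
    return {
        "host": (url.hostname or "").lower(),
        "port": url.port or 80,
        "path": url.path or "/",
    }


def domain_blocked(host):
    """Match a blocked domain itself or any of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)


def decide(request_line):
    """Apply the policy using only what is visible to the proxy."""
    fields = visible_fields(request_line)
    if domain_blocked(fields["host"]):
        return "deny"
    if fields["path"] is None:
        # Tunnel request: no path is visible, so path rules are skipped.
        return "allow"
    for host, prefix in BLOCKED_PATH_PREFIXES:
        if fields["host"] == host and fields["path"].startswith(prefix):
            return "deny"
    return "allow"


if __name__ == "__main__":
    for line in (
        "GET http://intranet.example/admin/users HTTP/1.1",
        "CONNECT intranet.example:443 HTTP/1.1",
        "CONNECT www.blocked.example:443 HTTP/1.1",
    ):
        print(decide(line), "<-", line)
```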