On Tue, 2008-02-19 at 15:38 -0300, Marcus Kool wrote:
>
> Matus UHLAR - fantomas wrote:
> > On 17.02.08 18:10, Sam Przyswa wrote:
> >> We use Squid and SquidGuard to control webmail access, that works fine,
> >> but for those who use the HTTPS protocol Squid/SquidGuard doesn't operate.
> >> Is there a way to control HTTPS as well as HTTP traffic?
> >
> > no. the HTTPS traffic consists of CONNECT requests where the proxy has no
> > idea what URLs are being retrieved and what requests (GET/POST/...) pass
> > through it - that is the 's'="secure" in the https.
>
> False. If https traffic goes via Squid, the URL can go to a redirector and
> filter based on either
> a) domain name
> b) connect to the site and verify valid certificate
>
> ufdbGuard does this and successfully blocks SSH tunnels over HTTPS.

There is also the SSL Bump feature in Squid3 that allows decrypting HTTPS
on-the-fly for detailed inspection, usually with user consent:

    http://wiki.squid-cache.org/Features/SslBump

HTH,

Alex.
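
The domain-name check on CONNECT requests discussed in this thread, sketched as an added example (not code from any poster, squidGuard or ufdbGuard). It assumes the classic helper input line `URL client_ip/fqdn ident method`; the blocklist, sample lines and verdict names are constructed for illustration, and how a verdict is passed back to Squid is left out.

```python
import ipaddress

# Constructed blocklist; placeholder domains, not taken from the thread.
BLOCKED_DOMAINS = {"webmail.example", "mail.example.net"}

def parse_helper_line(line):
    """Split an assumed helper line: URL client_ip/fqdn ident method."""
    fields = line.split()
    if len(fields) < 4:
        raise ValueError("short helper line: %r" % line)
    url, client, ident, method = fields[:4]
    return url, client.split("/", 1)[0], ident, method.upper()

def connect_host(target):
    """Host part of a CONNECT target such as host:443 or [v6-literal]:443."""
    if target.startswith("["):                      # bracketed IPv6 literal
        return target[1:target.index("]")]
    return target.rsplit(":", 1)[0] if ":" in target else target

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def domain_blocked(host, blocked=BLOCKED_DOMAINS):
    """Match the host or any parent domain, on label boundaries only."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

def verdict(line):
    url, _client, _ident, method = parse_helper_line(line)
    if method != "CONNECT":
        return "not-connect"   # plain HTTP: the full URL is visible to the proxy
    host = connect_host(url)
    if is_ip(host):
        return "no-domain"     # no name to match; option (b) in the thread applies
    return "block" if domain_blocked(host) else "pass"

# Constructed sample helper lines (documentation addresses only).
SAMPLES = [
    "login.webmail.example:443 192.0.2.10/- - CONNECT",
    "notwebmail.example:443 192.0.2.10/- - CONNECT",
    "198.51.100.7:443 192.0.2.11/- - CONNECT",
    "http://webmail.example/inbox 192.0.2.12/- - GET",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(verdict(sample), "<-", sample)
```

A CONNECT to a bare IP address carries no name to match, which is the case the certificate check in option (b) is meant to cover.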