On 24/03/2012 1:44 a.m., Michał Wiącek wrote:
You seem to be speaking of an interception gateway filter.
SSL was designed to prevent man-in-the-middle attacks (aka interception)
from being done.
Maybe I said it wrong - I do not want to intercept, but only to decide which host
can connect
This is not possible. The URL is inside the encryption. You must decrypt
the traffic in order to even see the URL.
I do not want to filter all URLs, only the host; if the host is encrypted, how do routers
know which host to connect to?
Ah okay language problems.
The destination IP and port are known from TCP. And when the browser is
configured to use a proxy it sends the domain name as well. But nothing
else is easily available for HTTPS.
If I am understanding you right, what you actually want is a whitelist
or blacklist of destinations in the firewall. This would work better
than what Squid can offer with HTTPS.
In both cases you have the same problems of figuring out and listing
what destination IP/host are to be blocked or allowed. The firewall can
do it far faster and simpler though.
Amos
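
What an explicit proxy can act on for HTTPS, as described in the reply above: only the host and port from the browser's CONNECT request, never the URL path. This is an added example, not part of the original thread and not Squid's code; the allowlist, the port set and the function names are hypothetical, and the sample requests are constructed.

```python
# Added example: host-level allow/deny on an HTTPS CONNECT request line,
# which is all an explicit (non-decrypting) proxy sees of the destination.

ALLOWED_SUFFIXES = ("example.com", "intranet.example.org")  # hypothetical policy
ALLOWED_PORTS = {443}                                        # hypothetical policy


def parse_connect(request_line):
    """Return (host, port) from 'CONNECT host:port HTTP/1.x', or None if malformed."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/"):
        return None
    authority = parts[1]
    if authority.startswith("["):  # IPv6 literal, e.g. [2001:db8::1]:443
        end = authority.find("]")
        if end == -1 or authority[end + 1:end + 2] != ":":
            return None
        host, port = authority[1:end], authority[end + 2:]
    else:
        host, sep, port = authority.rpartition(":")
        if not sep or not host:
            return None
    if not (port.isascii() and port.isdigit()) or not 0 < int(port) < 65536:
        return None
    # Normalise case and a trailing root dot before matching.
    return host.lower().rstrip("."), int(port)


def host_allowed(host):
    """Match on whole DNS labels so 'notexample.com' does not match 'example.com'."""
    return any(host == s or host.endswith("." + s) for s in ALLOWED_SUFFIXES)


def decide(request_line):
    """Return 'allow' or a 'deny: <reason>' string for one request line."""
    parsed = parse_connect(request_line)
    if parsed is None:
        return "deny: malformed"
    host, port = parsed
    if port not in ALLOWED_PORTS:
        return "deny: port"
    if not host_allowed(host):
        return "deny: host"
    return "allow"


if __name__ == "__main__":
    for line in ("CONNECT www.example.com:443 HTTP/1.1",      # constructed samples
                 "CONNECT notexample.com:443 HTTP/1.1",
                 "CONNECT www.example.com:22 HTTP/1.1"):
        print(line, "->", decide(line))
```
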