On 29.05.12 01:32, Jambaz wrote:
Hi to all , i have squid 3.1.19 it's working all for http , the "problem" is
only when the sites that i have blocked use https , with https ( port 443 )
the site likes facebook,google plus,twitter and also sites very dangerous
bypass squid and go normally like squid doesn't exist...
Which i have to use and to do , to intercept also ssl sites ?
One solution is deny all ssl sites....but i can't because https is also used
for seriously sites ( and not for social ntworks ) and i only need to deny
them and not the first...
There is one logical problem with intercepting of SSL connections:
SSL was made for nobody to be able to see what data you are requesting.
Thus, SSL (usually) works end-to-end.
By intercepting, you either able only to block destination by IP
address (you can do that on firewall too) or you must fake the
destination web certificates and in fact do the man-in-the-middle
attack, against which the SSL was designed.
--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux - It's now safe to turn on your computer.
Linux - Teraz mozete pocitac bez obav zapnut.