El 29/05/12 10:32, Jambaz escribió: > Hi to all , i have squid 3.1.19 it's working all for http , the "problem" is > only when the sites that i have blocked use https , with https ( port 443 ) > the site likes facebook,google plus,twitter and also sites very dangerous > bypass squid and go normally like squid doesn't exist... > Which i have to use and to do , to intercept also ssl sites ? > One solution is deny all ssl sites....but i can't because https is also used > for seriously sites ( and not for social ntworks ) and i only need to deny > them and not the first... > > Any reply will be appreciated > > Regards > Hi, i use squid witth ssl-bump for this, i need to intercept ssl connections to block any ssl sites while letting people use other ssl enabled websites (like gmail), you will need to install your own ca in the user browsers (if you don't the number of dialogs about how insecure a site it is are a real nightmare), this can be automated depending on what browser and OS you are using (windows + ie very easy with active directory group policies), you will find any insights in this links: http://wiki.squid-cache.org/Features/SslBump http://wiki.squid-cache.org/Features/DynamicSslCert http://dvas0004.wordpress.com/2011/03/22/squid-transparent-ssl-interception/ Regards, Miguel Angel.
