2016-06-08 17:37 GMT-03:00 Marcus Kool <marcus.kool@xxxxxxxxxxxxxxx>:
On 06/08/2016 05:05 PM, Sergio Belkin wrote:
Hi,
I've been using a few years ago squid+dansguardian. But nowadays, DG is not maintained anymore. I know that exists squidGuard, ufdbGuard, and e2guardian.
Features should be:
- Blocking https url's
Blocking HTTPS URLs is easy.
However, providing an understandable message to the end user is a challenge.
This is because HTTPS, is designed to not be interfered with, and if a proxy interferes, a browser will display errors like "wrong certificate for this site".
If you want user-friendly error messages like "This site is blocked because ..." instead of the certificate errors,
one needs sslbump with peek+bump for all blocked sites. This is doable but not straightforward.
Yup, you've got it.
- Not need of interception..... is that possible?
It depends. If you support smartphones, you most likely need interception since not all apps can be configured to use a proxy.
With only desktops, interception is not required but you may need to install the Squid CA certificate on all desktops.
And what about authentication? Can a user authenticate to Active Directory at logon time to use squid?
- Simple for configure and good perfomance
squidGuard is also not maintained for a long time so not recommendable.
ufdbGuard has regular updates, can be used with free and commercial URL databases, and is 3x faster than squidGuard.
Note that I am the author of ufdbGuard so you may find me biased :-)
:-) OK, thanks for your sincerity
Marcus
What do you recommend me?
Thanks in advance!
--
--
Sergio Belkin
LPIC-2 Certified - http://www.lpi.org
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
--
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
