[squid-users] Need tips in order to force youtube in HTTP only
Eliezer Croitoru
eliezer at ngtech.co.il
Sun Feb 22 22:10:12 UTC 2015
On 22/02/2015 13:56, Amos Jeffries wrote:
> The google page about forcing safesearch currently recommends hijacking
> DNS. Which may also work for YouTube but its not clear.
I must mention also:
If only youtube is the issue, there is an idea to pre-identify these dns
requests and only ssl-bump these IP addresses which would point into any
youtube http domain.(*.youtube.com and similar)
If there is an option to pre create a ssl certificate which contains all
the needed domains for this interception you might be able to install
only a "bundle" of certificates which can be used by the users.
Installing a certificate in a windows system can be pretty simple if you
have the knowledge and the right permissions.
The main issue is "pinning" this certificate inside the ssl_crtd
certificates directory.
Eliezer
More information about the squid-users
mailing list