[squid-users] Somewhat OT: Content Filter with https
Yuri Voinov
yvoinov at gmail.com
Wed Jun 8 20:40:07 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I confirm.
I've replaced squidGuard with ufdbguard significantly long time ago and
uses it in production. With SSL Bump.
It's very fast, has not unlimited memory consumption. And - this is
important - has client-server model.
09.06.2016 2:37, Marcus Kool пишет:
>
>
> On 06/08/2016 05:05 PM, Sergio Belkin wrote:
>> Hi,
>>
>> I've been using a few years ago squid+dansguardian. But nowadays, DG
is not maintained anymore. I know that exists squidGuard, ufdbGuard, and
e2guardian.
>>
>> Features should be:
>>
>> - Blocking https url's
>
> Blocking HTTPS URLs is easy.
> However, providing an understandable message to the end user is a
challenge.
> This is because HTTPS, is designed to not be interfered with, and if a
proxy interferes, a browser will display errors like "wrong certificate
for this site".
> If you want user-friendly error messages like "This site is blocked
because ..." instead of the certificate errors,
> one needs sslbump with peek+bump for all blocked sites. This is doable
but not straightforward.
>
>> - Not need of interception..... is that possible?
>
> It depends. If you support smartphones, you most likely need
interception since not all apps can be configured to use a proxy.
> With only desktops, interception is not required but you may need to
install the Squid CA certificate on all desktops.
>
>> - Simple for configure and good perfomance
>
> squidGuard is also not maintained for a long time so not recommendable.
> ufdbGuard has regular updates, can be used with free and commercial
URL databases, and is 3x faster than squidGuard.
>
> Note that I am the author of ufdbGuard so you may find me biased :-)
>
> Marcus
>
>> What do you recommend me?
>>
>> Thanks in advance!
>>
>> --
>> --
>> Sergio Belkin
>> LPIC-2 Certified - http://www.lpi.org
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXWIKmAAoJENNXIZxhPexGbFsH/jZCTyhl1HqirZfMf9X1F+c7
Cx1c3BzdCw3qRSMP9LW52Uj0Fw9MLYTQ6Pe/HNdJu2atvLU9OOXmXHNDd4NSjL54
qrJj/HHXrRt9PVp9GnGkgFKj9iNpUN1H44IanjMcfyx1h9hfJ4vbjhYnqgnunieT
H2yLfycu0oMnYtn7ju9T7Jp7GgLkNm9JFvJN0EKKCqB7HtB7eQjmACj1dUhP+pGi
R7wsuGov+lf0oVutxeuzvIsvbuXLdcsQIZB+eAfOuzTTai5yqrR/IqaZMAgubjeN
CnmAHtcbRitBCB18YGx0PcWJSdTu1X42Hmc2K+slwMv1KYi19CZe5r88+narN3w=
=YDWa
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160609/eeee866e/attachment.key>
More information about the squid-users
mailing list