<div dir="ltr"><div class="gmail_extra"><br><div class="gmail_quote">2016-06-08 17:37 GMT-03:00 Marcus Kool <span dir="ltr">&lt;<a href="mailto:marcus.kool@urlfilterdb.com" target="_blank">marcus.kool@urlfilterdb.com</a>&gt;</span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
<br>
On 06/08/2016 05:05 PM, Sergio Belkin wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
<br>
I used squid+dansguardian a few years ago. But nowadays, DG is not maintained anymore. I know that squidGuard, ufdbGuard, and e2guardian exist.<br>
<br>
Features should be:<br>
<br>
- Blocking HTTPS URLs<br>
</blockquote>
<br></span>
Blocking HTTPS URLs is easy.<br>
However, providing an understandable message to the end user is a challenge.<br>
This is because HTTPS is designed to not be interfered with, and if a proxy interferes, a browser will display errors like "wrong certificate for this site".<br>
If you want user-friendly error messages like "This site is blocked because ..." instead of the certificate errors,<br>
one needs sslbump with peek+bump for all blocked sites. This is doable but not straightforward.<span class=""><br></span></blockquote><div><br><br></div><div>Yup, you've got it.<br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
- No need for interception... is that possible?<br>
</blockquote>
<br></span>
It depends. If you support smartphones, you most likely need interception since not all apps can be configured to use a proxy.<br>
With only desktops, interception is not required but you may need to install the Squid CA certificate on all desktops.<span class=""><br></span></blockquote><div><br><br></div><div>And what about authentication? Can a user authenticate to Active Directory at logon time to use squid?<br></div><div><br> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
- Simple to configure and good performance<br>
</blockquote>
<br></span>
squidGuard has also not been maintained for a long time, so it is not recommendable.<br>
ufdbGuard has regular updates, can be used with free and commercial URL databases, and is 3x faster than squidGuard.<br>
<br>
Note that I am the author of ufdbGuard so you may find me biased :-)<span class="HOEnZb"><font color="#888888"><br></font></span></blockquote><div><br><br></div><div>:-) OK, thanks for your sincerity<br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="HOEnZb"><font color="#888888">
<br>
Marcus</font></span><span class="im HOEnZb"><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
What do you recommend?<br>
<br>
Thanks in advance!<br>
<br>
--<br>
--<br>
Sergio Belkin<br>
LPIC-2 Certified - <a href="http://www.lpi.org" rel="noreferrer" target="_blank">http://www.lpi.org</a><br>
</blockquote></span><div class="HOEnZb"><div class="h5">
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr">--<br>Sergio Belkin<br>LPIC-2 Certified - <a href="http://www.lpi.org" target="_blank">http://www.lpi.org</a></div></div></div></div>
</div></div>
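Added example, not part of the original messages: a squid.conf sketch of the peek+bump approach mentioned in the thread, written for a Squid 3.5 build with SSL-bump support. The file paths, the blocked-domain list and the ERR_BLOCKED_SITE page name are assumptions.

```conf
# Added example (not from the thread). Paths, list file and error page name are assumptions.

# Explicit-proxy port with SslBump enabled; myCA.pem holds the Squid CA certificate and key.
# Clients must trust this CA, otherwise bumped (blocked) sites still show certificate errors.
http_port 3128 ssl-bump cert=/etc/squid/ssl/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

# Helper that mints per-host certificates (named ssl_crtd in Squid 3.5,
# security_file_certgen in Squid 4 and later).
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/squid/ssl_db -M 4MB

# One domain per line, e.g. ".example.com" (constructed sample value).
acl blocked_sni ssl::server_name "/etc/squid/blocked_domains.txt"
acl blocked_dst dstdomain "/etc/squid/blocked_domains.txt"

# Step 1: peek at the TLS ClientHello to learn the SNI without committing to a decision.
acl step1 at_step SslBump1
ssl_bump peek step1
# Step 2: bump only blocked sites, so Squid can answer inside the TLS session ...
ssl_bump bump blocked_sni
# ... and tunnel everything else untouched (no decryption for allowed sites).
ssl_bump splice all

# Deny the decrypted request and serve a readable block page.
# ERR_BLOCKED_SITE is a custom template placed in Squid's error_directory.
# Keep these lines above the http_access allow rules.
deny_info ERR_BLOCKED_SITE blocked_dst
http_access deny blocked_dst
```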