[squid-users] Youtube "challenges"
Amos Jeffries
squid3 at treenet.co.nz
Tue Feb 23 23:05:04 UTC 2016
On 24/02/2016 11:19 a.m., Darren wrote:
>
> Hi
>
> As Google owns the entire food chain (when you use Chrome talking to Youtube) SSL_Bump upsets everything and the browser blocks access detecting the MITM bump.
>
> I am looking at school level protection so I want to avoid installing certs on the clients and create a seamless experience.
>
> I am playing with the restrict.youtube.com feature at the moment, at least this should limit the IP addresses I see in the CONNECT sessions.
>
FWIW: the SSL-Bump splice functionality (without 'bump') does not
require certificate installation on the clients, but still gives the
control benefits of intercepting port 443 and SNI server name ACLs. It
also works seamlessly with the current fad of certificate pinning in
browsers.
Amos
More information about the squid-users
mailing list