[squid-users] Youtube "challenges"

[Darren]

Hi

and thanks for the feedback. I have Splice running OK however want I really want to do is to allow the splice when a user opens a link that navigates to https://www.youtube.com/embed/blahblah but not allow the user just to go directly to https://www.youtube.com and access the full site.

I can append a key to the https://www.youtube.com/embed/blahblah url that squid could use in the ACL but I am unsure if the query would be visible at that point to allow the Splice to be allowed only if this key is present.

I have looked at Dansguardian and other solutions but just a controlled splice is the sexy option..

thanks again





Sent from Mailbird [http://www.getmailbird.com/?utm_source=Mailbird&utm_medium=email&utm_campaign=sent-from-mailbird]
On 24/02/2016 7:05:19 AM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
On 24/02/2016 11:19 a.m., Darren wrote:
>
> Hi
>
> As Google owns the entire food chain (when you use Chrome talking to Youtube) SSL_Bump upsets everything and the browser blocks access detecting the MITM bump.
>
> I am looking at school level protection so I want to avoid installing certs on the clients and create a seamless experience.
>
> I am playing with the restrict.youtube.com feature at the moment, at least this should limit the IP addresses I see in the CONNECT sessions.
>

FWIW: the SSL-Bump splice functionality (without 'bump') does not
require certificate installation on the clients, but still gives the
control benefits of intercepting port 443 and SNI server name ACLs. It
also works seamlessly with the current fad of certificate pinning in
browsers.

Amos
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160224/fdd99e70/attachment-0001.html>