[squid-users] Somewhat OT: Content Filter with https

Sergio Belkin sebelk at gmail.com
Wed Jun 8 20:54:04 UTC 2016


2016-06-08 17:37 GMT-03:00 Marcus Kool <marcus.kool at urlfilterdb.com>:

>
>
> On 06/08/2016 05:05 PM, Sergio Belkin wrote:
>
>> Hi,
>>
>> I've been using a few years ago squid+dansguardian. But nowadays, DG is
>> not maintained anymore. I know that exists squidGuard, ufdbGuard, and
>> e2guardian.
>>
>> Features should be:
>>
>> - Blocking https url's
>>
>
> Blocking HTTPS URLs is easy.
> However, providing an understandable message to the end user is a
> challenge.
> This is because HTTPS, is designed to not be interfered with, and if a
> proxy interferes, a browser will display errors like "wrong certificate for
> this site".
> If you want user-friendly error messages like "This site is blocked
> because ..." instead of the certificate errors,
> one needs sslbump with peek+bump for all blocked sites. This is doable but
> not straightforward.
>


Yup, you've got it.


>
> - Not need of interception..... is that possible?
>>
>
> It depends.  If you support smartphones, you most likely need interception
> since not all apps can be configured to use a proxy.
> With only desktops, interception is not required but you may need to
> install the Squid CA certificate on all desktops.
>


And what about authentication? Can a user authenticate to Active Directory
at logon time to use squid?



>
> - Simple for configure  and good perfomance
>>
>
> squidGuard is also not maintained for a long time so not recommendable.
> ufdbGuard has regular updates, can be used with free and commercial URL
> databases, and is 3x faster than squidGuard.
>
> Note that I am the author of ufdbGuard so you may find me biased :-)
>


:-) OK, thanks for your sincerity


>
> Marcus
>
> What do you recommend me?
>>
>> Thanks in advance!
>>
>> --
>> --
>> Sergio Belkin
>> LPIC-2 Certified - http://www.lpi.org
>>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>



-- 
--
Sergio Belkin
LPIC-2 Certified - http://www.lpi.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160608/b6a18ff5/attachment.html>


More information about the squid-users mailing list