HTTPS content filtering should be easy, assuming they have a database of sites to filter, and they're not doing it on the fly. For TLS <= 1.2 at least, you can use to get the hostname that the client is attempting to connect to.

Last I read, TLS 1.3 is encrypting/getting rid of SNI, which means if/when TLS 1.3 comes into play, all bets may be off. I think Procera is looking into things like machine learning and DNS inspection to try to deal with this, but it is a constant back and forth.

On 2/8/2018 12:40 PM, Randy Cosby wrote:

Also ask about how they filter HTTPS (i.e.: over 73% of the sites in America).

*From:* Af [] *On Behalf Of *Adam Moffett
*Sent:* Thursday, February 8, 2018 10:33 AM
*Subject:* Re: [AFMUG] Content filtering - Trustwave

Thanks for the tip!  I'll be sure to ask them in the engineering call next week.

------ Original Message ------

From: "Cassidy B. Larson" < <>>

To: <>

Sent: 2/8/2018 11:48:11 AM

Subject: Re: [AFMUG] Content filtering - Trustwave

    Ask them about IPv6. I’ve been asking for years. No movement, no
    plans. They say I can bridge v6 through it and block all v6.. but
    that’s not a solution.

        On Feb 8, 2018, at 9:30 AM, Adam Moffett <
        <>> wrote:

        Unrelated to Chuck's thread, we started talking internally
        about offering content filtering as a value add.

        An initial conversation with Trustwave seemed promising, and
        I'm supposed to have a follow up to discuss tech details later.

        But does anybody still do this?  Is there still consumer
        interest?  How much are/were you selling it for?

Simon Westlake | CEO
(702) 447-1247

Reply via email to