Bart Silverstrim <[EMAIL PROTECTED]> wrote:

> We are currently running Squid and SquidGuard on FreeBSD for
> monitoring/proxying web browsing activity at our workplace.  The
> problem is that some users figured out how to use a specific type of
> proxy to bypass protections...specifically, they're going through an
> https site.
>
> Is it possible to run a proxy that can monitor https connections and
> block them if necessary?

To monitor https connections the proxy has to run a man-in-the-middle
attack and unless you change the certificates on the clients, this
will cause browser warnings and confuse users.

Depending on your country it may also be illegal if you don't inform
the users about it, but of course that's true for monitoring in general.

If you're only talking about blocking SSL connections to hosts
that aren't white-listed, you can simply block CONNECT requests
on the proxy and use a packet filter to make sure the clients
can't just bypass the proxy.

I assume that Squid itself can block CONNECT requests based on
the hostname, but if it can't, you could add Privoxy to your
proxy chain to do that.

Fabian

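The "block CONNECT unless white-listed, and packet-filter so the proxy can't be bypassed" approach from Fabian's reply, written out as an added example (this is not configuration from the thread or from the Squid/pf projects). Squid can indeed restrict CONNECT by destination hostname with a dstdomain ACL, so the Privoxy fallback is not needed. The interface name, client network, proxy address and white-listed hostnames below are constructed placeholders.

```conf
# --- /usr/local/etc/squid/squid.conf (fragment) ---
# Client network allowed to use the proxy (constructed placeholder).
acl localnet src 192.168.1.0/24

# Hostnames whose HTTPS traffic may pass through CONNECT.  A leading dot
# also matches subdomains.  Constructed placeholders; use your own list.
acl ssl_whitelist dstdomain .intranet.example .webmail.example
acl SSL_ports port 443
acl CONNECT method CONNECT

# Squid stops at the first matching http_access line, so the denies for
# CONNECT must come before the general allow for the client network.
http_access deny CONNECT !SSL_ports       # tunnels only to port 443
http_access deny CONNECT !ssl_whitelist   # and only to white-listed hosts
http_access allow localnet
http_access deny all

# --- /etc/pf.conf (fragment), on the FreeBSD gateway that runs Squid ---
# Stop clients reaching web servers directly, so the only way out is the
# proxy (and therefore the CONNECT rules above).  Names are assumed.
int_if = "em0"               # LAN-facing interface
lan    = "192.168.1.0/24"    # client network
proxy  = "192.168.1.2"       # address of the Squid host

# Let clients talk to Squid on its listening port ...
pass in quick on $int_if proto tcp from $lan to $proxy port 3128
# ... but refuse direct HTTP/HTTPS to anything else.  "return" sends a
# RST so browsers fail immediately instead of hanging.
block return in quick on $int_if proto tcp from $lan to any port { 80 443 }
```

Check the Squid side with a CONNECT to a non-listed host through the proxy (it should be answered with 403) and the pf side with `pfctl -sr` to confirm the block rule is loaded; if the proxy is not on the gateway, move the pf rules to whichever box routes the client network. Note that dstdomain only tells the proxy which host the client asked to tunnel to; it does not inspect the encrypted traffic inside the tunnel, which is exactly the limitation the first half of the reply describes.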