Other than SSL bump there is no known way to filter *contents* of HTTPS traffic. You can block the CONNECT <domain name>:443 *only* by domain name.
Raf > That approach does require that your users 'trust' the proxy and allow the necessary certificates. It's all well and good if you're in a corporate or domestic setting where you have control over the clients in question, but it's not really an option if you're providing services to the general public. _______________________________________________ List mailing list [email protected] https://lists.pfsense.org/mailman/listinfo/list
