On 2014-06-06 08:38, Brian Caouette wrote:
> For the past few days I was experiencing issues were squidguard did not always work. Finally this morning I stumble into the problem. It turns out that if you enable the save bandwidth feature in chrome you can access all the adult sites. If you shut the feature off everything is blocked as expected. I've test with android phone and iPad and it works the same. I guess my next question is what port is chrome using for this feature and how to we tell squidguard to also watch for content on this port that also needs to be filtered? Based on https://developer.chrome.com/multidevice/data-compression , I suspect the answer is: Good luck! My guess is that it'll be using port 443 to an unpredictable subset of servers inside Google's address space, and I wouldn't be the slightest bit surprised if blocking that traffic pretty much just breaks Chrome on mobile altogether. Google, among others, is moving strongly in the direction of not allowing carriers (including local LAN admins) to silently interfere with HTTP(S) traffic in any way. The remaining way involves blocking all outbound HTTPS and forcing it all to go through a proxy server... although even there, I wouldn't be surprised if Chrome tunnels HTTPS-over-SPDY-over-HTTPS-over-HTTP(proxy). Please let us know what winds up working for you. -Adam
_______________________________________________ List mailing list [email protected] https://lists.pfsense.org/mailman/listinfo/list
