On 16/6/14 7:06 pm, A Mohan Rao wrote:
Had anybody successfully configured squid3-dev with squidguard-squid3 with
properly works https filtering...?
(not specific to pfSense, but might be useful info for HTTPS
interception in general)
You are only going to be able to do that if you have control over the
client machines and can add the Squid server's certificate to the client
browser's trust list, otherwise your users are going to get incorrect
certificate warnings whenever they browse an HTTPS site.
It does rather beg the question: why are you trying to do this?
Given HTTPS is *designed* to be a secure protocol end-to-end, breaking
it open in the middle, decrypting it, then re-encrypting it with your
certificate is just opening up an easy attack vector. At the very least
your users need to be made very clearly aware that this is what you're
doing and why you're breaking SSL to do it.
Kind regards,
Chris
--
This email is made from 100% recycled electrons
_______________________________________________
List mailing list
[email protected]
https://lists.pfsense.org/mailman/listinfo/list
