Filtering https with squid is cumbersome and difficult, politically incorrect, and it may break legitimate browsing to, say, a bank or credit union.
Unfortunately, Google is pressuring sites to be https only, which puts pressure on me to content filter https, making me a man-in-the-middle attacker even if I'm doing it to protect myself and my family. I want to content filter sites that are of unknown nature and allow direct https for URLs that are known legitimate. So there are three cases for what should happen.

Case one: The site is whitelisted and should be allowed direct without a proxy in the middle; access must work.

Case two: The site is not whitelisted or blacklisted, so access should be through a content filter only.

Case three: The site is blacklisted and known bad, where no access should be allowed and the user should be redirected to a local web site telling them about this.

If I know a site is bad news or problematic, I don't want it in the local squid cache at all. If I blacklist a site that e2guardian doesn't like, I want to purge it from the squid cache. I'm also wondering if the squid cache should be on a RAM drive so that I'm not hammering the hard drive with the data that I potentially don't want to keep anyways?

I stopped using e2guardian because I was filling the hard drive. I only have 500 gigs, where I don't see the need to go multi-terabyte just to hold onto web sites that I deem inappropriate anyways. Another possibility: the logging was too much from e2guardian and that's what was filling up the drive.

I need help getting transparent proxying working and I want to implement a bypass when https sites are legit and have to work. I also want to redirect instead of filtering for sites that are known bad.

When I stopped using e2guardian I started using OpenDNS and squidguard. Not content filtering, though, means you don't block the unknown bad site. There's bad content, but there is also the possibility of bad downloads.

_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
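
The three cases in the post above map onto Squid's peek-and-splice rules roughly as follows; this is an added example, not part of the original post or any poster's configuration. It assumes Squid 4 or later built with OpenSSL, and every path, port, address range and the host filter.home.lan is a placeholder.

```conf
# Added example. Paths, ports, the LAN range and filter.home.lan are placeholders.
# Intercepted traffic arrives here via the firewall's redirect rules (not shown).
http_port 3129 intercept
https_port 3130 intercept ssl-bump tls-cert=/etc/squid/local-ca.pem generate-host-certificates=on

# Domain lists: one domain per line; a leading dot (".example.org")
# also matches subdomains.
# Case one list: known-legitimate sites that must work untouched.
acl direct_sni ssl::server_name "/etc/squid/direct.domains"
# Case three list: known-bad sites, matched on TLS server name and on request host.
acl blocked_sni ssl::server_name "/etc/squid/blocked.domains"
acl blocked_dst dstdomain "/etc/squid/blocked.domains"
acl localnet src 192.168.0.0/16
acl step1 at_step SslBump1

# Step 1: read only the TLS ClientHello to learn the requested server name (SNI).
ssl_bump peek step1
# Case three: decrypt, so the redirect below can actually be delivered.
ssl_bump bump blocked_sni
# Case one: tunnel the TLS session as-is; the proxy never sees plaintext
# and presents no certificate of its own.
ssl_bump splice direct_sni
# Case two: decrypt everything else so it can be content filtered
# (the hookup to the filter itself is not shown).
ssl_bump bump all

# Case three, continued: refuse the request, send the browser to a local
# notice page, and keep these sites out of the cache.
http_access deny blocked_dst
deny_info 302:http://filter.home.lan/blocked.html blocked_dst
cache deny blocked_dst

http_access allow localnet
http_access deny all
```

Clients must trust the local CA for cases two and three to load without certificate errors, while spliced (case one) sites keep their original certificates. `squid -k parse` checks the file for syntax errors before a reload.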
