Re: [pfSense] Squid3 with https filtering
On 06/17/2014 05:32 PM A Mohan Rao wrote: actually i need to block https sites like https facebook or https youtube etc with transparent proxy. now pls give any idea...! You may want to try using the CONNECT method in order to filter HTTPS requests. Those happen before a secure connection is being established. This way you can filter I usually run dansguardian which has a quite complex but very effective way of filtering SSL related traffic. From its documentation: Blanket SSL blocking so you can block SSL anonymous proxies and allow access to legitimate SSL sites such as banking by whitelisting = http://dansguardian.org/ But be aware using CONNECT method based filtering requires the proxy to be explicitly configured on respective devices and therefore won't work with a transparent proxy. Additional information on the CONNECT method: http://wiki.squid-cache.org/Features/HTTPS Cheers signature.asc Description: OpenPGP digital signature ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Squid3 with https filtering
I m using squid3-dev and squardguard-squid3 with transparent proxy with https proxy. All works fine but gmail or goole not open. Other sites working good. When i try to access google or gmail its given certificate error. i checked my level best also many times create or delete certificates then also import that certificate on browser but still m having same problem... Really very appritiate and lots of thanks in advance if give any positive IDEA. Thanks Mohan +91 98260 61122 On Jun 18, 2014 1:02 PM, Jan j...@agetty.de wrote: On 06/17/2014 05:32 PM A Mohan Rao wrote: actually i need to block https sites like https facebook or https youtube etc with transparent proxy. now pls give any idea...! You may want to try using the CONNECT method in order to filter HTTPS requests. Those happen before a secure connection is being established. This way you can filter I usually run dansguardian which has a quite complex but very effective way of filtering SSL related traffic. From its documentation: Blanket SSL blocking so you can block SSL anonymous proxies and allow access to legitimate SSL sites such as banking by whitelisting = http://dansguardian.org/ But be aware using CONNECT method based filtering requires the proxy to be explicitly configured on respective devices and therefore won't work with a transparent proxy. Additional information on the CONNECT method: http://wiki.squid-cache.org/Features/HTTPS Cheers ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Squid3 with https filtering
There is a way to auto configure the proxy settings on modern browsers, so that you don't have to manually configure them individually WPAD and Proxy auto-config http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol http://en.wikipedia.org/wiki/Proxy_auto-config Walter On Wed, Jun 18, 2014 at 8:14 AM, A Mohan Rao mohanra...@gmail.com wrote: I m using squid3-dev and squardguard-squid3 with transparent proxy with https proxy. All works fine but gmail or goole not open. Other sites working good. When i try to access google or gmail its given certificate error. i checked my level best also many times create or delete certificates then also import that certificate on browser but still m having same problem... Really very appritiate and lots of thanks in advance if give any positive IDEA. Thanks Mohan +91 98260 61122 On Jun 18, 2014 1:02 PM, Jan j...@agetty.de wrote: On 06/17/2014 05:32 PM A Mohan Rao wrote: actually i need to block https sites like https facebook or https youtube etc with transparent proxy. now pls give any idea...! You may want to try using the CONNECT method in order to filter HTTPS requests. Those happen before a secure connection is being established. This way you can filter I usually run dansguardian which has a quite complex but very effective way of filtering SSL related traffic. From its documentation: Blanket SSL blocking so you can block SSL anonymous proxies and allow access to legitimate SSL sites such as banking by whitelisting = http://dansguardian.org/ But be aware using CONNECT method based filtering requires the proxy to be explicitly configured on respective devices and therefore won't work with a transparent proxy. Additional information on the CONNECT method: http://wiki.squid-cache.org/Features/HTTPS Cheers ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list -- The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Squid3 with https filtering
On 17/6/14 10:32 am, A Mohan Rao wrote: actually i need to block https sites like https facebook or https youtube etc with transparent proxy. So in order to block Facebook and Youtube, you're going to put all your users at risk of SSL MITM attacks on every secure website they visit? You would be better off - I'd have thought - simply blocking the relevant DNS entries and/or IP ranges used by those websites you wish to block. DNS is probably better - and there are lists out there of Facebook DNS names, since blocking by IP range might knock out the whole CDN, which may be used by other sites as well. Kind regards, Chris -- This email is made from 100% recycled electrons ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Squid3 with https filtering
On Tue, 17 Jun 2014, A Mohan Rao wrote: actually i need to block https sites like https facebook or https youtube etc with transparent proxy. now pls give any idea...! Simple things like adding bogus DNS records pointing to your own server would stop the majority of non-tech savvy users. Blocking the majority of facebook ips would help too: http://stackoverflow.com/questions/11164672/list-of-ip-space-used-by-facebook -- Joe Laffey The Stable Visual Effects http://TheStable.tv/?e34619M/ ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
[pfSense] Squid3 with https filtering
Hello, Had anybody successfully configured squid3-dev with squidguard-squid3 with properly works https filtering...? Thanks MOHAN RAO +91 98260 61122 ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Squid3 with https filtering
Waiting... For new posts... On Jun 16, 2014 11:36 PM, A Mohan Rao mohanra...@gmail.com wrote: Hello, Had anybody successfully configured squid3-dev with squidguard-squid3 with properly works https filtering...? Thanks MOHAN RAO +91 98260 61122 ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Squid3 with https filtering
And? This list is only as active as the people that read it. Posting additional emails without additional information is, at the least, annoying. On Jun 16, 2014, at 21:31, A Mohan Rao mohanra...@gmail.com wrote: Waiting... For new posts... On Jun 16, 2014 11:36 PM, A Mohan Rao mohanra...@gmail.com wrote: Hello, Had anybody successfully configured squid3-dev with squidguard-squid3 with properly works https filtering...? Thanks MOHAN RAO +91 98260 61122 ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list