Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-03-08 Thread wwp
Hello Nicolas, On Wed, 28 Feb 2018 23:38:19 +0100 Nicolas Kovacs wrote: > Le 28/02/2018 à 22:32, Itamar Reis Peixoto a écrit : > > I recommend everyone in France to spend their money on a school with > > free internet. > > I'm not sure I understand. Our students sure

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-03-08 Thread Nicolas Kovacs
Le 08/03/2018 à 19:09, Leon Fauster a écrit : > Just to rephrase my implicit question: Does your setup work for the > combination Chrome browser and google.com? > > Or in general, what are the limits of your described setup. Just > curious ... Works perfectly.

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-03-08 Thread Leon Fauster
Am 08.03.2018 um 18:07 schrieb Nicolas Kovacs : > > Guys. This is the CentOS mailing list, a place to discuss technical > questions... such as web content filtering. Just to rephrase my implicit question: Does your setup work for the combination Chrome browser and

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-03-08 Thread Nicolas Kovacs
Le 08/03/2018 à 17:15, hw a écrit : > But you aren't broadcasting messages, or are you? > > If they mean something like "make data accessible", the only way to > be compliant with such a law is by not providing public access. How > do you distinguish between things that are contrary to basic

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-03-08 Thread hw
Nicolas Kovacs wrote: Le 08/03/2018 à 11:30, hw a écrit : The government says you must use squidguard to filter something? The law in France (Code Pénal, article 227-24) states that a public network is not allowed to broadcast messages containing violence, pornography or any content contrary

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-03-08 Thread Valeri Galtsev
On 03/08/18 06:09, Nicolas Kovacs wrote: Le 08/03/2018 à 11:30, hw a écrit : The government says you must use squidguard to filter something? The law in France (Code Pénal, article 227-24) states that a public network is not allowed to broadcast messages containing violence, pornography or

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-03-08 Thread Nicolas Kovacs
Le 08/03/2018 à 11:30, hw a écrit : > The government says you must use squidguard to filter something? The law in France (Code Pénal, article 227-24) states that a public network is not allowed to broadcast messages containing violence, pornography or any content contrary to basic human dignity,

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-03-08 Thread hw
Nicolas Kovacs wrote: Le 06/03/2018 à 18:48, hw a écrit : And how do you get a list of IPs from which data could be retrieved which the students are not supposed to see? How is this done anyway, does the government give out a list of URLs or IPs which you are required to block?  If not, what

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-03-07 Thread Nicolas Kovacs
Le 06/03/2018 à 18:48, hw a écrit : > And how do you get a list of IPs from which data could be retrieved > which the students are not supposed to see? > > How is this done anyway, does the government give out a list of URLs > or IPs which you are required to block?  If not, what if you overlook

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-03-06 Thread hw
Valeri Galtsev wrote: On 03/05/18 08:34, Bill Gee wrote: On Monday, March 5, 2018 7:23:53 AM CST Leon Fauster wrote: Am 05.03.2018 um 13:04 schrieb Nicolas Kovacs : Le 28/02/2018 à 22:23, Nicolas Kovacs a écrit : So far, I've only been able to filter HTTP. Do any of

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-03-06 Thread hw
Leon Fauster wrote: Am 05.03.2018 um 13:04 schrieb Nicolas Kovacs : Le 28/02/2018 à 22:23, Nicolas Kovacs a écrit : So far, I've only been able to filter HTTP. Do any of you do transparent HTTPS filtering ? Any suggestions, advice, caveats, do's and don'ts ? After a

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-03-05 Thread Andrew Holway
Wouldn't filtering the DNS be more practical? On 5 March 2018 at 18:57, Leon Fauster wrote: > > > Am 05.03.2018 um 15:34 schrieb Bill Gee : > > > > > > On Monday, March 5, 2018 7:23:53 AM CST Leon Fauster wrote: > >> Am 05.03.2018 um 13:04

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-03-05 Thread John Ratliff
On 2/28/2018 4:23 PM, Nicolas Kovacs wrote: Hi, I've been running Squid successfully on CentOS 7 (and before that on 6 and 5), and it's always been running nicely. I've been using it mostly as a transparent proxy filter in school networks. So far, I've only been able to filter HTTP. Do any of

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-03-05 Thread Leon Fauster
> Am 05.03.2018 um 15:34 schrieb Bill Gee : > > > On Monday, March 5, 2018 7:23:53 AM CST Leon Fauster wrote: >> Am 05.03.2018 um 13:04 schrieb Nicolas Kovacs : >>> Le 28/02/2018 à 22:23, Nicolas Kovacs a écrit : So far, I've only been able to

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-03-05 Thread Valeri Galtsev
On 03/05/18 10:21, Nicolas Kovacs wrote: Le 05/03/2018 à 16:30, Valeri Galtsev a écrit : Sorry, I missed the beginning of this thread. This sounds to me like running one's own Certification Authority. I did that a while ago for over a decade. However, these days one may consider

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-03-05 Thread Nicolas Kovacs
Le 05/03/2018 à 16:30, Valeri Galtsev a écrit : > Sorry, I missed the beginning of this thread. This sounds to me like > running one's own Certification Authority. I did that a while ago for > over a decade. However, these days one may consider > > https://letsencrypt.org/ > > - you will have to

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-03-05 Thread Valeri Galtsev
On 03/05/18 08:34, Bill Gee wrote: On Monday, March 5, 2018 7:23:53 AM CST Leon Fauster wrote: Am 05.03.2018 um 13:04 schrieb Nicolas Kovacs : Le 28/02/2018 à 22:23, Nicolas Kovacs a écrit : So far, I've only been able to filter HTTP. Do any of you do transparent HTTPS

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-03-05 Thread Valeri Galtsev
On 03/05/18 07:23, Leon Fauster wrote: Am 05.03.2018 um 13:04 schrieb Nicolas Kovacs : Le 28/02/2018 à 22:23, Nicolas Kovacs a écrit : So far, I've only been able to filter HTTP. Do any of you do transparent HTTPS filtering ? Any suggestions, advice, caveats, do's and

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-03-05 Thread Vitalino Victor
The certificate should have *CA:true* set to act as a CA for dynamic signing of certificates by Squid. Most probably, Let's Encrypt will ignore this constraint in CSR. 2018-03-05 12:33 GMT-03:00 Chris Adams : > Once upon a time, Valeri Galtsev said: > >

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-03-05 Thread Chris Adams
Once upon a time, Valeri Galtsev said: > https://letsencrypt.org/ > > - you will have to run web server to have certificate signed by > them Not necessarily - we do most of our Let's Encrypt validation with DNS rather than HTTP. -- Chris Adams

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-03-05 Thread Valeri Galtsev
On 03/05/18 06:34, Nicolas Kovacs wrote: Le 05/03/2018 à 13:30, Nux! a écrit : You could probably just drop your CA cert in the filesystem and run a couple of commands to get it imported, rather than having to import the CA in the browsers individually. You could probably deliver it via

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-03-05 Thread Vitalino Victor
Starting with version 3.5 of Squid, a new feature named "*SslBump Peek and Splice*" was introduced. With this functionality, Squid is able to intercept HTTPS traffic transparently (with exceptions, of course). This way, Squid, with spike, is able to log HTTPS traffic and apply directives

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-03-05 Thread Bill Gee
On Monday, March 5, 2018 7:23:53 AM CST Leon Fauster wrote: > Am 05.03.2018 um 13:04 schrieb Nicolas Kovacs : > > Le 28/02/2018 à 22:23, Nicolas Kovacs a écrit : > >> So far, I've only been able to filter HTTP. > >> > >> Do any of you do transparent HTTPS filtering ? Any

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-03-05 Thread Leon Fauster
Am 05.03.2018 um 13:04 schrieb Nicolas Kovacs : > > Le 28/02/2018 à 22:23, Nicolas Kovacs a écrit : >> So far, I've only been able to filter HTTP. >> >> Do any of you do transparent HTTPS filtering ? Any suggestions, >> advice, caveats, do's and don'ts ? > > After a week of

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-03-05 Thread Nicolas Kovacs
Le 05/03/2018 à 13:30, Nux! a écrit : > You could probably just drop your CA cert in the filesystem and run a > couple of commands to get it imported, rather than having to import > the CA in the browsers individually. You could probably deliver it > via yum/rpm or better yet, ansible or even some

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-03-05 Thread Nux!
. -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro - Original Message - > From: "Nicolas Kovacs" <i...@microlinux.fr> > To: "CentOS mailing list" <centos@centos.org> > Sent: Monday, 5 March, 2018 12:04:59 > Subject: Re: [Cent

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-03-05 Thread Nicolas Kovacs
Le 28/02/2018 à 22:23, Nicolas Kovacs a écrit : > So far, I've only been able to filter HTTP. > > Do any of you do transparent HTTPS filtering ? Any suggestions, > advice, caveats, do's and don'ts ? After a week of trial and error, transparent HTTPS filtering works perfectly. I wrote a detailed

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-02-28 Thread Marcelo Ricardo Leitner
On Wed, Feb 28, 2018 at 06:43:50PM -0300, Marcelo Ricardo Leitner wrote: > On Wed, Feb 28, 2018 at 10:23:31PM +0100, Nicolas Kovacs wrote: > > Hi, > > > > I've been running Squid successfully on CentOS 7 (and before that on 6 > > and 5), and it's always been running nicely. I've been using it

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-02-28 Thread Nicolas Kovacs
Le 28/02/2018 à 22:43, Marcelo Ricardo Leitner a écrit : > I did some experiments ~2 weeks ago. It worked, but I still need to > work on the certificates. Squid will re-issue certificates for those > connections that it intercepts, and if the browser doesn't recognize > the CA, it's going to

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-02-28 Thread Nicolas Kovacs
Le 28/02/2018 à 22:32, Itamar Reis Peixoto a écrit : > I recommend everyone in France to spend their money on a school with > free internet. I'm not sure I understand. Our students sure don't pay for accessing the Internet. > > please tell us the name of your school's. https://www.scholae.fr/

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-02-28 Thread Marcelo Ricardo Leitner
On Wed, Feb 28, 2018 at 10:23:31PM +0100, Nicolas Kovacs wrote: > Hi, > > I've been running Squid successfully on CentOS 7 (and before that on 6 > and 5), and it's always been running nicely. I've been using it mostly > as a transparent proxy filter in school networks. > > So far, I've only been

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-02-28 Thread Itamar Reis Peixoto
On 2018-02-28 06:23 PM, Nicolas Kovacs wrote: Hi, I've been running Squid successfully on CentOS 7 (and before that on 6 and 5), and it's always been running nicely. I've been using it mostly as a transparent proxy filter in school networks. So far, I've only been able to filter HTTP. Do any

[CentOS] Squid and HTTPS interception on CentOS 7 ?

2018-02-28 Thread Nicolas Kovacs
Hi, I've been running Squid successfully on CentOS 7 (and before that on 6 and 5), and it's always been running nicely. I've been using it mostly as a transparent proxy filter in school networks. So far, I've only been able to filter HTTP. Do any of you do transparent HTTPS filtering ? Any