Re: Creating https certificates dynamically for redirected/blocked requests

2016-06-16 Thread Stuart Henderson
On 2016-06-15, Peter Fokker wrote:
> Ted Wynnychenko wrote:
> [...]
>> I block connections based on a list from malwaredomains.com.
>> A script runs nightly that downloads the list/changes, creates
>> zone files, and reloads unbound/nsd. The "blocked" zone files
>> point

Re: Creating https certificates dynamically for redirected/blocked requests

2016-06-16 Thread Stuart Henderson
On 2016-06-14, Ted Wynnychenko wrote:
>>From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
> Stuart Henderson
>>Sent: Tuesday, June 14, 2016 12:31 PM
>>
>>On 2016-06-14, Ted Wynnychenko wrote:
>>> This really isn't a big deal; but

Re: Creating https certificates dynamically for redirected/blocked requests

2016-06-15 Thread lists
Tue, 14 Jun 2016 17:53:25 -0500 "Ted Wynnychenko"
> >How are you identifying connections to block?
>
> I block connections based on a list from malwaredomains.com. A script runs
> nightly that downloads the list/changes, creates zone files, and reloads
> unbound/nsd. The

Re: Creating https certificates dynamically for redirected/blocked requests

2016-06-15 Thread Peter Fokker
Ted Wynnychenko wrote:
[...]
> I block connections based on a list from malwaredomains.com.
> A script runs nightly that downloads the list/changes, creates
> zone files, and reloads unbound/nsd. The "blocked" zone files
> point those domains at an internal (10.0.x.x) IP address.
[...]
> From my

Re: Creating https certificates dynamically for redirected/blocked requests

2016-06-14 Thread Marti Martinez
On Tue, Jun 14, 2016 at 8:05 AM, Ted Wynnychenko wrote:
> Hello
>
> For many years now I have been using a DNS black hole setup to stop http/https
> connections to blocked websites (well, any connection to those sites). This has
> worked well.
>
> Connections with http

Re: Creating https certificates dynamically for redirected/blocked requests

2016-06-14 Thread Ted Wynnychenko
>From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Stuart Henderson
>Sent: Tuesday, June 14, 2016 12:31 PM
>
>On 2016-06-14, Ted Wynnychenko wrote:
>> This really isn't a big deal; but as more sites have started using https, and as
>> tools such as

Re: Creating https certificates dynamically for redirected/blocked requests

2016-06-14 Thread Christopher Ahrens
Ted Wynnychenko wrote: Hello For many years now I have been using a DNS black hole setup to stop http/https connections to blocked websites (well, any connection to those sites). This has worked well. Connections with http are routed to an IP on the internal network which returns a simple

Re: Creating https certificates dynamically for redirected/blocked requests

2016-06-14 Thread Stuart Henderson
On 2016-06-14, Ted Wynnychenko wrote:
> This really isn't a big deal; but as more sites have started using https, and as
> tools such as relayd and squid (and others?) have developed ways to "inject"
> https certificates on the fly, I am wondering if there is a way to

Creating https certificates dynamically for redirected/blocked requests

2016-06-14 Thread Ted Wynnychenko
Hello For many years now I have been using a DNS black hole setup to stop http/https connections to blocked websites (well, any connection to those sites). This has worked well. Connections with http are routed to an IP on the internal network which returns a simple "blocked" web page.