I have a dilemma with HTTPS for some users and I need to resolve it. My problem:

I have users with full access and users with restricted access. Squid solves this problem at the moment, but I can't block HTTPS (secure HTTP) on port 443. What I did:

#######################################################################

I have been reading about this problem and I found a solution using the latest Squid 3.2.x. The problem is that this type of filter makes some changes to the SSL, and sometimes the web browser makes noise (https://www.gmail.com is one of these). The solution is at this link:

http://blog.davidvassallo.me/2011/03/22/squid-transparent-ssl-interception/

This solution doesn't work for me.

#######################################################################

Another solution is using Shorewall and blocking the different hosts per IP, with a rule like this:

    REJECT loc net:69.171.224.0/19,66.220.144.0/20 tcp 443

This solution is explained here: http://comments.gmane.org/gmane.comp.security.shorewall/27475

But it is too complicated to get this working for every IP of each page to block.

#######################################################################

At the end of my reading I thought, "is it possible to block like OpenDNS does?" http://www.opendns.com/parental-controls/

I tried something like this http://www.deer-run.com/~hal/sysadmin/dns-advert.html and got it fully working and functional! But I forgot that I need to have users with full access. My configuration blocks all IPs on the LAN from getting access to this.

What did I do? I created a virtual machine with bind9 and made the same configuration on bind9. I'm trying to send requests from IPs with restricted access to this VM, but I don't know how to do it the right way!

I tried (all in /etc/shorewall/rules):

    DNAT loc:192.168.2.12 virt:192.168.122.10:53 udp 53

where
loc:192.168.2.12 is the IP that will have restricted access
virt:192.168.122.10 is the IP of the VM, which has internet and resolves OK (can ping OK)

I'm stuck again. If you need more information please let me know. Any help will be appreciated. Best regards.
--
Emiliano Vazquez | PcCentro Informatica & CCTV
Office: +54 (11) 4951-0203 Interno 4
Movil: 011-15-6253-7165
Mail: [email protected]
Web: http://www.pccentro.com.ar
