On 03/05/18 07:23, Leon Fauster wrote:
Am 05.03.2018 um 13:04 schrieb Nicolas Kovacs info@microlinux.fr:
Le 28/02/2018 à 22:23, Nicolas Kovacs a écrit :
So far, I've only been able to filter HTTP.
Do any of you do transparent HTTPS filtering ? Any suggestions, advice, caveats, do's and don'ts ?
After a week of trial and error, transparent HTTPS filtering works perfectly. I wrote a detailed blog article about it.
I wonder if this works with all https enabled sites? Chrome has capabilities hardcoded to check google certificates.
Google, huh ;-( see below...
Certificate Transparency, HTTP Public Key Pinning, CAA DNS are also supporting the end node to identify MITM. I hope that such setup will be unpractical in the near future.
About your legal requirements; Weighing is what courts daily do. So, such requirements are not asking you to destroy the integrity and confidentiality >95% of users activity. Blocking Routing, DNS, IPs, Ports are the way to go.
I would add avoiding google and all google products by all means to the above list ;-)
valeri
-- LF
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos