My bad .. Good point unless its intercepting the ssl stream. there are ways of doing it http://wiki.squid-cache.org/Features/SslBump but its dodgy .. On Wed, Aug 15, 2012 at 12:28 PM, John R Pierce <pierce at hogranch.com> wrote: > On 08/14/12 5:18 PM, Gregory Machin wrote: >> Once is lands at the browser it's no longer ssl . It can then be >> blocked from running , or block the infect file from being written to >> the file system. As is done on windows. >> >> SSL effectively creates a pipe that one cant see into , but the ends >> are open and data is visible . > > > how does the 'astaro security gateway' William Warren mentioned do > that? my query was in direct response to the three lines I quoted from > William. he was referring to an appliance gateway at the network border. > > > > -- > john r pierce N 37, W 122 > santa cruz ca mid-left coast > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos