On 03/05/18 07:23, Leon Fauster wrote: > Am 05.03.2018 um 13:04 schrieb Nicolas Kovacs <info at microlinux.fr>: >> >> Le 28/02/2018 à 22:23, Nicolas Kovacs a écrit : >>> So far, I've only been able to filter HTTP. >>> >>> Do any of you do transparent HTTPS filtering ? Any suggestions, >>> advice, caveats, do's and don'ts ? >> >> After a week of trial and error, transparent HTTPS filtering works >> perfectly. I wrote a detailed blog article about it. >> >> https://blog.microlinux.fr/squid-https-centos/ > > > I wonder if this works with all https enabled sites? Chrome has > capabilities hardcoded to check google certificates. Google, huh ;-( see below... > Certificate > Transparency, HTTP Public Key Pinning, CAA DNS are also supporting > the end node to identify MITM. I hope that such setup will be unpractical > in the near future. > > About your legal requirements; Weighing is what courts daily do. So, > such requirements are not asking you to destroy the integrity and > confidentiality >95% of users activity. Blocking Routing, DNS, IPs, > Ports are the way to go. I would add avoiding google and all google products by all means to the above list ;-) valeri > > -- > LF > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos > -- ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++