Leon Fauster wrote:
> On 05.03.2018 at 13:04, Nicolas Kovacs <info at microlinux.fr> wrote:
>>
>> On 28/02/2018 at 22:23, Nicolas Kovacs wrote:
>>> So far, I've only been able to filter HTTP.
>>>
>>> Do any of you do transparent HTTPS filtering? Any suggestions,
>>> advice, caveats, do's and don'ts?
>>
>> After a week of trial and error, transparent HTTPS filtering works
>> perfectly. I wrote a detailed blog article about it.
>>
>> https://blog.microlinux.fr/squid-https-centos/
>
>
> I wonder if this works with all HTTPS-enabled sites? Chrome has
> capabilities hardcoded to check Google certificates. Certificate
> Transparency, HTTP Public Key Pinning, CAA DNS are also supporting
> the end node to identify MITM. I hope that such setup will be unpractical
> in the near future.
>
> About your legal requirements; Weighing is what courts daily do. So,
> such requirements are not asking you to destroy the integrity and
> confidentiality >95% of users activity. Blocking Routing, DNS, IPs,
> Ports are the way to go.

And how do you get a list of IPs from which data could be retrieved which the students are not supposed to see? How is this done anyway, does the government give out a list of URLs or IPs which you are required to block? If not, what if you overlook something?