[CentOS] Squid and HTTPS interception on CentOS 7 ?

Tue Mar 6 17:48:50 UTC 2018
hw <hw at gc-24.de>

Leon Fauster wrote:
> Am 05.03.2018 um 13:04 schrieb Nicolas Kovacs <info at microlinux.fr>:
>> Le 28/02/2018 à 22:23, Nicolas Kovacs a écrit :
>>> So far, I've only been able to filter HTTP.
>>> Do any of you do transparent HTTPS filtering ? Any suggestions,
>>> advice, caveats, do's and don'ts ?
>> After a week of trial and error, transparent HTTPS filtering works
>> perfectly. I wrote a detailed blog article about it.
>> https://blog.microlinux.fr/squid-https-centos/
> I wonder if this works with all https enabled sites? Chrome has
> capabilities hardcoded to check google certificates. Certificate
> Transparency, HTTP Public Key Pinning, CAA DNS are also supporting
> the end node to identify MITM. I hope that such setup will be unpractical
> in the near future.
> About your legal requirements; Weighing is what courts daily do. So,
> such requirements are not asking you to destroy the integrity and
> confidentiality >95% of users activity. Blocking Routing, DNS, IPs,
> Ports are the way to go.

And how do you get a list of IPs from which data could be retrieved
which the students are not supposed to see?

How is this done anyway, does the government give out a list of URLs
or IPs which you are required to block?  If not, what if you overlook