[CentOS] Squid and HTTPS interception on CentOS 7 ?
hw
hw at gc-24.de
Tue Mar 6 17:48:50 UTC 2018
Leon Fauster wrote:
> Am 05.03.2018 um 13:04 schrieb Nicolas Kovacs <info at microlinux.fr>:
>>
>> Le 28/02/2018 à 22:23, Nicolas Kovacs a écrit :
>>> So far, I've only been able to filter HTTP.
>>>
>>> Do any of you do transparent HTTPS filtering ? Any suggestions,
>>> advice, caveats, do's and don'ts ?
>>
>> After a week of trial and error, transparent HTTPS filtering works
>> perfectly. I wrote a detailed blog article about it.
>>
>> https://blog.microlinux.fr/squid-https-centos/
>
>
> I wonder if this works with all https enabled sites? Chrome has
> capabilities hardcoded to check google certificates. Certificate
> Transparency, HTTP Public Key Pinning, CAA DNS are also supporting
> the end node to identify MITM. I hope that such setup will be unpractical
> in the near future.
>
> About your legal requirements; Weighing is what courts daily do. So,
> such requirements are not asking you to destroy the integrity and
> confidentiality >95% of users activity. Blocking Routing, DNS, IPs,
> Ports are the way to go.
And how do you get a list of IPs from which data could be retrieved
which the students are not supposed to see?
How is this done anyway, does the government give out a list of URLs
or IPs which you are required to block? If not, what if you overlook
something?
More information about the CentOS
mailing list