[CentOS] Squid and HTTPS interception on CentOS 7 ?
Leon Fauster
leonfauster at googlemail.comMon Mar 5 13:23:53 UTC 2018
- Previous message: [CentOS] Squid and HTTPS interception on CentOS 7 ?
- Next message: [CentOS] Squid and HTTPS interception on CentOS 7 ?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Am 05.03.2018 um 13:04 schrieb Nicolas Kovacs <info at microlinux.fr>: > > Le 28/02/2018 à 22:23, Nicolas Kovacs a écrit : >> So far, I've only been able to filter HTTP. >> >> Do any of you do transparent HTTPS filtering ? Any suggestions, >> advice, caveats, do's and don'ts ? > > After a week of trial and error, transparent HTTPS filtering works > perfectly. I wrote a detailed blog article about it. > > https://blog.microlinux.fr/squid-https-centos/ I wonder if this works with all https enabled sites? Chrome has capabilities hardcoded to check google certificates. Certificate Transparency, HTTP Public Key Pinning, CAA DNS are also supporting the end node to identify MITM. I hope that such setup will be unpractical in the near future. About your legal requirements; Weighing is what courts daily do. So, such requirements are not asking you to destroy the integrity and confidentiality >95% of users activity. Blocking Routing, DNS, IPs, Ports are the way to go. -- LF
- Previous message: [CentOS] Squid and HTTPS interception on CentOS 7 ?
- Next message: [CentOS] Squid and HTTPS interception on CentOS 7 ?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list