Internet Related/Filtering/Firewall Thread, Dansguardian and HTTPS in Technical; Hello,
I have searched the forums for some help on this topic but have not come up with a good ...
23rd July 2009, 06:45 PM #1
- Rep Power
Dansguardian and HTTPS
I have searched the forums for some help on this topic but have not come up with a good answer. I am using Dansguardian 2.10 and I am unable to filter https: traffic. In a google search I have read many times that is is not possible but on Dansguardians site it states:
"The URL filtering is able to filter https requests."
DansGuardian - True Web Content Filtering for All
The main issue is that students are able to bypass our filter solution by simply adding the https: prefix to sites like facebook and myspace.
Can anyone tell me how to deny access to these secure sites through Dansguardian or any other method?
23rd July 2009, 06:49 PM #2
If you are using a non-transparent proxy you should be able to filter on domain (rather than URL) on HTTPS sites. Not exactly sure of which bits of config you will need to write though.
23rd July 2009, 06:56 PM #3
- Rep Power
I have been unable to filter on domain or url or keyword or anything else. I suspect I have a config file error somewhere. Should also mention I am using unbuntu, squid and DG.
Thanks for your reply.
14th August 2009, 03:17 PM #4
I had the same problem here:
Dansguardian not letting HTTPS through
I use a .PAC file on our clients (they cannot change connections settings) the PAC directs https -> 3128 and all other traffic to 8080 and I use a whitelist of HTTPS
I couldn't find a way of making dansguardian filter HTTPS
14th August 2009, 03:51 PM #5
DG won't actually do any particular filtering on HTTPS - though I believe you can block by domain, certainly the phrase filtering won't work.
14th August 2009, 04:09 PM #6
Instead of wasting more time on it, I implemented an ACL in squid, something like:
acl badlist1 dstdomain "/etc/dansguardian/lists/blacklists/proxy/domains"
http_access deny badlist1
etc etc. That way I still use the same blocklists but it is done as a blanket rather than dansguardian's ability to use multiple filter groups.
I still would have expected DG to pass through my HTTPS but somehow something in my setup borked it. no matter I have a working scenario now - it was always going to involve a .PAC file anway I just needed to add a separate entry for HTTPS
By KK20 in forum Internet Related/Filtering/Firewall
Last Post: 23rd October 2009, 01:10 PM
By voodoochile in forum *nix
Last Post: 5th June 2009, 02:51 PM
Last Post: 3rd June 2009, 12:46 PM
Last Post: 25th January 2008, 02:17 PM
By callumtuckey in forum How do you do....it?
Last Post: 21st May 2007, 09:43 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Tags for this Thread