Internet Related/Filtering/Firewall Thread, Dansguardian and HTTPS in Technical; Hello,
I have searched the forums for some help on this topic but have not come up with a good ...
-
23rd July 2009, 05:45 PM #1 
- Rep Power
- 0
Dansguardian and HTTPS
Hello,
I have searched the forums for some help on this topic but have not come up with a good answer. I am using Dansguardian 2.10 and I am unable to filter https: traffic. In a google search I have read many times that is is not possible but on Dansguardians site it states:
"The URL filtering is able to filter https requests."
DansGuardian - True Web Content Filtering for All
The main issue is that students are able to bypass our filter solution by simply adding the https: prefix to sites like facebook and myspace.
Can anyone tell me how to deny access to these secure sites through Dansguardian or any other method?
Thanks,
Jon
-
-
IDG Tech News
-
23rd July 2009, 05:49 PM #2 If you are using a non-transparent proxy you should be able to filter on domain (rather than URL) on HTTPS sites. Not exactly sure of which bits of config you will need to write though.
-
-
23rd July 2009, 05:56 PM #3
- Rep Power
- 0
I have been unable to filter on domain or url or keyword or anything else. I suspect I have a config file error somewhere. Should also mention I am using unbuntu, squid and DG.
Thanks for your reply.
-
-
14th August 2009, 02:17 PM #4 I had the same problem here:
Dansguardian not letting HTTPS through
I use a .PAC file on our clients (they cannot change connections settings) the PAC directs https -> 3128 and all other traffic to 8080 and I use a whitelist of HTTPS
I couldn't find a way of making dansguardian filter HTTPS
-
-
14th August 2009, 02:51 PM #5 DG won't actually do any particular filtering on HTTPS - though I believe you can block by domain, certainly the phrase filtering won't work.
-
-
14th August 2009, 03:09 PM #6 Instead of wasting more time on it, I implemented an ACL in squid, something like:
acl badlist1 dstdomain "/etc/dansguardian/lists/blacklists/proxy/domains"
http_access deny badlist1
etc etc. That way I still use the same blocklists but it is done as a blanket rather than dansguardian's ability to use multiple filter groups.
I still would have expected DG to pass through my HTTPS but somehow something in my setup borked it. no matter I have a working scenario now - it was always going to involve a .PAC file anway I just needed to add a separate entry for HTTPS
-
SHARE:
Similar Threads
-
By KK20 in forum Internet Related/Filtering/Firewall
Replies: 9
Last Post: 23rd October 2009, 12:10 PM
-
By voodoochile in forum *nix
Replies: 11
Last Post: 5th June 2009, 01:51 PM
-
Replies: 3
Last Post: 3rd June 2009, 11:46 AM
-
Replies: 10
Last Post: 25th January 2008, 02:17 PM
-
By callumtuckey in forum How do you do....it?
Replies: 3
Last Post: 21st May 2007, 08:43 AM
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Tags for this Thread
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
LinkBack URL
About LinkBacks
Reply With Quote
