+ Post New Thread
Results 1 to 6 of 6
Internet Related/Filtering/Firewall Thread, Dansguardian and HTTPS in Technical; Hello, I have searched the forums for some help on this topic but have not come up with a good ...
  1. #1

    Join Date
    Jun 2007
    Posts
    3
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Dansguardian and HTTPS

    Hello,

    I have searched the forums for some help on this topic but have not come up with a good answer. I am using Dansguardian 2.10 and I am unable to filter https: traffic. In a google search I have read many times that is is not possible but on Dansguardians site it states:

    "The URL filtering is able to filter https requests."

    DansGuardian - True Web Content Filtering for All

    The main issue is that students are able to bypass our filter solution by simply adding the https: prefix to sites like facebook and myspace.

    Can anyone tell me how to deny access to these secure sites through Dansguardian or any other method?

    Thanks,
    Jon

  2. #2


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,507
    Thank Post
    871
    Thanked 862 Times in 681 Posts
    Rep Power
    199
    If you are using a non-transparent proxy you should be able to filter on domain (rather than URL) on HTTPS sites. Not exactly sure of which bits of config you will need to write though.

  3. #3

    Join Date
    Jun 2007
    Posts
    3
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    I have been unable to filter on domain or url or keyword or anything else. I suspect I have a config file error somewhere. Should also mention I am using unbuntu, squid and DG.

    Thanks for your reply.

  4. #4

    Join Date
    Oct 2008
    Posts
    226
    Thank Post
    2
    Thanked 13 Times in 13 Posts
    Rep Power
    22
    I had the same problem here:

    Dansguardian not letting HTTPS through

    I use a .PAC file on our clients (they cannot change connections settings) the PAC directs https -> 3128 and all other traffic to 8080 and I use a whitelist of HTTPS

    I couldn't find a way of making dansguardian filter HTTPS

  5. #5


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,507
    Thank Post
    871
    Thanked 862 Times in 681 Posts
    Rep Power
    199
    DG won't actually do any particular filtering on HTTPS - though I believe you can block by domain, certainly the phrase filtering won't work.

  6. #6

    Join Date
    Oct 2008
    Posts
    226
    Thank Post
    2
    Thanked 13 Times in 13 Posts
    Rep Power
    22
    Instead of wasting more time on it, I implemented an ACL in squid, something like:

    acl badlist1 dstdomain "/etc/dansguardian/lists/blacklists/proxy/domains"
    http_access deny badlist1

    etc etc. That way I still use the same blocklists but it is done as a blanket rather than dansguardian's ability to use multiple filter groups.

    I still would have expected DG to pass through my HTTPS but somehow something in my setup borked it. no matter I have a working scenario now - it was always going to involve a .PAC file anway I just needed to add a separate entry for HTTPS



SHARE:
+ Post New Thread

Similar Threads

  1. Dansguardian not letting HTTPS through
    By KK20 in forum Internet Related/Filtering/Firewall
    Replies: 9
    Last Post: 23rd October 2009, 01:10 PM
  2. [Ubuntu] Dansguardian 2.10.0.3 and Ubuntu 9.04
    By voodoochile in forum *nix
    Replies: 11
    Last Post: 5th June 2009, 02:51 PM
  3. Dansguardian 2.10 on Ubuntu 8.04
    By ianniow in forum *nix
    Replies: 3
    Last Post: 3rd June 2009, 12:46 PM
  4. Dansguardian
    By DMcCoy in forum *nix
    Replies: 10
    Last Post: 25th January 2008, 02:17 PM
  5. dansguardian
    By callumtuckey in forum How do you do....it?
    Replies: 3
    Last Post: 21st May 2007, 09:43 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •