Dansguardian and HTTPS
I have searched the forums for some help on this topic but have not come up with a good answer. I am using Dansguardian 2.10 and I am unable to filter https: traffic. In a Google search I have read many times that it is not possible, but on Dansguardian's site it states:
"The URL filtering is able to filter https requests."
DansGuardian - True Web Content Filtering for All
The main issue is that students are able to bypass our filter solution by simply adding the https: prefix to sites like Facebook and MySpace.
Can anyone tell me how to deny access to these secure sites through Dansguardian or any other method?
If you are using a non-transparent proxy you should be able to filter on domain (rather than URL) on HTTPS sites. Not exactly sure of which bits of config you will need to write though.
I have been unable to filter on domain or URL or keyword or anything else. I suspect I have a config file error somewhere. Should also mention I am using Ubuntu, squid and DG.
Thanks for your reply.
I had the same problem here:
I use a .PAC file on our clients (they cannot change connection settings). The PAC directs https -> 3128 and all other traffic to 8080, and I use a whitelist of HTTPS.
I couldn't find a way of making dansguardian filter HTTPS.
DG won't actually do any particular filtering on HTTPS - though I believe you can block by domain, certainly the phrase filtering won't work.
Instead of wasting more time on it, I implemented an ACL in squid, something like:
acl badlist1 dstdomain "/etc/dansguardian/lists/blacklists/proxy/domains"
http_access deny badlist1
etc etc. That way I still use the same blocklists but it is done as a blanket rather than dansguardian's ability to use multiple filter groups.
I still would have expected DG to pass through my HTTPS, but somehow something in my setup borked it. No matter, I have a working scenario now - it was always going to involve a .PAC file anyway; I just needed to add a separate entry for HTTPS.
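
The PAC split described in the thread (https to 3128, everything else to 8080), written out as an added example; it is not any poster's actual file. The proxy hostname is a placeholder, and routing wss: alongside https: is an assumption of this sketch.

```javascript
// Added example, not from the thread. Ports 3128 (Squid) and 8080
// (DansGuardian) are the ones the post mentions; the hostname is a placeholder.
var PROXY_HOST = "proxy.example.internal"; // assumption: one box runs both daemons
var SQUID = "PROXY " + PROXY_HOST + ":3128";
var DANSGUARDIAN = "PROXY " + PROXY_HOST + ":8080";

// Schemes carried inside a TLS tunnel (CONNECT): the proxy sees only
// host:port, so only domain-level ACLs in Squid can apply to them.
var TLS_SCHEMES = ["https", "wss"];

// Return the lower-cased scheme of a URL, or "" if there is none.
function schemeOf(url) {
  var i = url.indexOf(":");
  return i > 0 ? url.substring(0, i).toLowerCase() : "";
}

// Standard PAC entry point, called by the browser for every request.
function FindProxyForURL(url, host) {
  if (TLS_SCHEMES.indexOf(schemeOf(url)) !== -1) {
    // Squid enforces the dstdomain allow/deny lists for tunnelled traffic.
    return SQUID;
  }
  // Plain traffic goes through DansGuardian for URL and phrase filtering.
  return DANSGUARDIAN;
}
// Neither return value ends in "; DIRECT", so a client fails closed
// instead of going around the filter when the proxy is unreachable.
```
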