actually i need to block https sites like https facebook or https youtube etc with transparent proxy.
now pls give any idea...! On Tue, Jun 17, 2014 at 2:59 PM, Chris Bagnall <pfse...@lists.minotaur.cc> wrote: > On 16/6/14 7:06 pm, A Mohan Rao wrote: > >> Had anybody successfully configured squid3-dev with squidguard-squid3 with >> properly works https filtering...? >> > > (not specific to pfSense, but might be useful info for HTTPS interception > in general) > > You are only going to be able to do that if you have control over the > client machines and can add the Squid server's certificate to the client > browser's trust list, otherwise your users are going to get incorrect > certificate warnings whenever they browse an HTTPS site. > > It does rather beg the question: why are you trying to do this? > Given HTTPS is *designed* to be a secure protocol end-to-end, breaking it > open in the middle, decrypting it, then re-encrypting it with your > certificate is just opening up an easy attack vector. At the very least > your users need to be made very clearly aware that this is what you're > doing and why you're breaking SSL to do it. > > Kind regards, > > Chris > -- > This email is made from 100% recycled electrons > > _______________________________________________ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list >
_______________________________________________ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
