On 2015/10/23 13:08, Jason Tubnor wrote: > Hi, > > Does anyone have a combination of packages/ports to build a web content > management solution for business internet that they could recommend? I'd > like to use relayd if possible but that is not something set in stone. > Squid, squidguard and clamav have come to mind but wonder what else others > use. > > Scope of the project is to filter internet traffic for users, reducing > malicious downloads coming in and preventing access to adult and gambling > content. I do have access to push certificates to end-users machines. > > Any software pointers or different FAQ guides will be greatly appreciated.
I'm using squid, c-icap, squidclamav and squid ACLs. I haven't got round to doing TLS MITM in production yet but really need to as a significant percentage of traffic is now encrypted, the implementation of this in squid 3.5 is quite well-featured and can be configured to do things like avoid MITMing certain sites, for example you might want to do this for online banking sites. It can also copy attributes where possible from the real server certificate so that in many cases browsers will use their normal UI for presenting cert errors. (obviously not for CA issues, but for things like bad dates). Squid native ACLs have improved a lot since the time squidguard was written, you're better off using these rather than squidguard if possible. If you need more than can be done with these then better to look at ufdbGuard than squidguard, it's not committed but I have a port lying around aomewhere.
