The best thing is to educate your children instead of trying to
shelter them from those sites.
Why choose
or
Security in depth
Stefan
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
[Please don't top post. Please trim unnecessary content.]
On Thu, Mar 26, 2015 at 02:29:08PM +0100, Peter Viskup wrote:
It's the way you look at.
For me it's about prevention...your child can click on some link somewhere
and see some pictures/videos which will remain in his/her mind (let's
Unfortunately we are living in real (not ideal) world and there are cases
where the SSL split is definitely needed or should be considered at least.
For example Squid 3.5 coming with new design of SSLBump allowing to do some
inspection of the connection prior the real SSLSplit. That gives you
On Thu, 26 Mar 2015 15:53:04 -0600, Bob Proulx wrote:
rog...@queernet.org wrote:
Michael Graham wrote:
As MITM proxies in school/business seem to be pretty common in the US
and the UK.
I bet your proxy firewall does it too.
I bet not! I think you are confusing https with http. We
Hello it's me again,
thanks for the hint with wget, this was very useful.
The problem with not redirect https to an errorpage is not solved but
this is okay. It's only a nice to have feature to redirect to an errorpage.
But I have a new problem, I want to have a transparent proxy for http
Michael I. linux-michae...@abwesend.de wrote:
But I have a new problem, I want to have a transparent proxy for http
this works fine but when I add the iptables rule for https the loading
won't work.
Of course not. That this is not working is the _whole point_ of any
end-to-end encrypted
your evenings to make your blacklists up2date.
Greetings
Sascha
-Ursprüngliche Nachricht-
Von: Reco [mailto:recovery...@gmail.com]
Gesendet: Donnerstag, 26. März 2015 13:52
An: debian-user@lists.debian.org
Betreff: Re: Redirect HTTPS with Squid3+Squidguard
Hi.
On Thu, 26 Mar 2015 13:21
Without the SSL splitting the only option is to install some software on
the client side. Some endpoint security software doing the inspection of
the web data transfers on the fly before they pass the TLS tunnel. It's the
same like SSL split on Squid, but let's say more transparent. Unfortunately
]
Gesendet: Donnerstag, 26. März 2015 13:52
An: debian-user@lists.debian.org
Betreff: Re: Redirect HTTPS with Squid3+Squidguard
Hi.
On Thu, 26 Mar 2015 13:21:57 +0100
Peter Viskup skupko...@gmail.com wrote:
Hi,
just jumped into SSLBump/Split features some months ago. I don't find
Michael I. linux-michae...@abwesend.de wrote:
Sven Hartge s...@svenhartge.de wrote:
Michael I. linux-michae...@abwesend.de wrote:
But I have a new problem, I want to have a transparent proxy for
http this works fine but when I add the iptables rule for https the
loading won't work.
Of
Hi,
just jumped into SSLBump/Split features some months ago. I don't find these
features harmful. Especially when protecting your children from access of
YouTube or other possibly harmful sites. Once you are logged with Google
account they redirect your communication to https which makes the
Hi.
On Thu, 26 Mar 2015 13:21:57 +0100
Peter Viskup skupko...@gmail.com wrote:
Hi,
just jumped into SSLBump/Split features some months ago. I don't find these
features harmful. Especially when protecting your children from access of
YouTube or other possibly harmful sites. Once you are
Sven Hartge s...@svenhartge.de wrote:
Michael I. linux-michae...@abwesend.de wrote:
But I have a new problem, I want to have a transparent proxy for http
this works fine but when I add the iptables rule for https the loading
won't work.
Of course not. That this is not working is the _whole
Sven Hartge s...@svenhartge.de wrote: Michael I.
linux-michae...@abwesend.de wrote:
Sven Hartge s...@svenhartge.de wrote:
Michael I. linux-michae...@abwesend.de wrote:
But I have a new problem, I want to have a transparent proxy for
http this works fine but when I add the iptables rule for
On Thu, 26 Mar 2015 08:49:37 -0500, John Hasler wrote:
Why don't you just get rid of the computers?
I tried that route one time ... got looked at like I had 7 heads for even
suggesting that the kids go back to textbooks and paper.
--
To UNSUBSCRIBE, email to
Hi.
On Thu, 26 Mar 2015 16:48:00 +0100
Peter Viskup skupko...@gmail.com wrote:
Hello Reco,
On Thu, Mar 26, 2015 at 4:13 PM, Reco recovery...@gmail.com wrote:
Hi.
And just as well child can see a naughty picture on TV. Or a phone ad.
Or a magazine/newspaper. Anywhere, once you start
Michael I. linux-michae...@abwesend.de wrote:
This are not my children, the filter is used for a school.
Aha, important information.
Do not proceed any further with breaking encrypted connections or, for
the matter, transparently proxiing _any_ connections until you had a
talk with a) the
Hello,
for private usage I am think a filter isn't good, children need trust
and a filter is the opposite of trust.
But in usage for a school I think a filter is better, a teacher can't
look on all computers. The kids are trying out thinks in school which is
good but when nobody is there to
On 26 March 2015 at 14:18, Reco recovery...@gmail.com wrote:
Then it's even worse that I thought. I don't know about Germany, but
where I live tampering with public communications is considered a
criminal offense. I strongly suggest you to seek a legal advice before
doing anything like SSL
On 3/26/15 12:42 PM, Michael Graham wrote:
On 26 March 2015 at 14:18, Reco recovery...@gmail.com wrote:
Then it's even worse that I thought. I don't know about Germany, but
where I live tampering with public communications is considered a
criminal offense. I strongly suggest you to seek a legal
Michael Graham wrote:
Reco wrote:
Ow. Exactly which kind of consumer-grade hardware comes with SSL bump
preinstalled? That's very interesting to me as I like know which
hardware to avoid in the future.
It's way more common than you seem to think. CERT recently did a blog post
about it
Peter Viskup skupko...@gmail.com wrote:
It's the way you look at. For me it's about prevention...your child
can click on some link somewhere and see some pictures/videos which
will remain in his/her mind (let's say) forever and can harm even if
it was only seconds they were seen...I am
Why don't you just get rid of the computers?
--
John Hasler
jhas...@newsguy.com
Elmwood, WI USA
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
rog...@queernet.org wrote:
Michael Graham wrote:
As MITM proxies in school/business seem to be pretty common in the
US and the UK.
I bet your proxy firewall does it too.
I bet not! I think you are confusing https with http. We are talking
about https here not http. And even then I
Hi.
On Thu, 26 Mar 2015 12:44:11 -0700
rog...@queernet.org wrote:
On 3/26/15 12:42 PM, Michael Graham wrote:
On 26 March 2015 at 14:18, Reco recovery...@gmail.com wrote:
Then it's even worse that I thought. I don't know about Germany, but
where I live tampering with public communications
Hi.
On Thu, 26 Mar 2015 18:18:24 +0100
Michael I. linux-michae...@abwesend.de wrote:
Hello,
for private usage I am think a filter isn't good, children need trust
and a filter is the opposite of trust.
But in usage for a school I think a filter is better, a teacher can't
look on all
Reco recovery...@gmail.com wrote:
On Thu, 26 Mar 2015 18:18:24 +0100 Michael I. linux-michae...@abwesend.de
wrote:
for private usage I am think a filter isn't good, children need trust
and a filter is the opposite of trust.
But in usage for a school I think a filter is better, a teacher
On Thu, 26 Mar 2015 17:18 Reco recovery...@gmail.com wrote:
Hi.
On Thu, 26 Mar 2015 12:44:11 -0700
rog...@queernet.org rog...@queernet.org wrote:
On 3/26/15 12:42 PM, Michael Graham wrote:
On 26 March 2015 at 14:18, Reco recovery...@gmail.com wrote:
Then it's even worse that I
Hello Reco,
On Thu, Mar 26, 2015 at 4:13 PM, Reco recovery...@gmail.com wrote:
Hi.
And just as well child can see a naughty picture on TV. Or a phone ad.
Or a magazine/newspaper. Anywhere, once you start thinking about it.
And that's just sad, disturbingly and one of the main reasons of so
Hi.
On Thu, 26 Mar 2015 14:29:08 +0100
Peter Viskup skupko...@gmail.com wrote:
It's the way you look at.
For me it's about prevention...your child can click on some link somewhere
and see some pictures/videos which will remain in his/her mind (let's say)
forever and can harm even if it was
Michael I. linux-michae...@abwesend.de wrote:
I tested around a bit with squid3+squidguard and I found out that the
redirect works with the Internet Explorer (IE 11).
Then I tested some other browser (firefox, chrome, ..) and with all
the other browser the redirect didn't work.
Is there a
Sven Hartge wrote:
Michael I. wrote:
I tested around a bit with squid3+squidguard and I found out that the
redirect works with the Internet Explorer (IE 11).
Then I tested some other browser (firefox, chrome, ..) and with all
the other browser the redirect didn't work.
Be careful using
Liam O'Toole liam.p.oto...@gmail.com wrote:
On 2015-03-23, linux-michae...@abwesend.de linux-michae...@abwesend.de
wrote:
I thought there is a simple and secure way to redirect to an 'This
Site has been blocked' Page for HTTP and HTTPS. But when I must
destroy the safety from HTTPS this
On 2015-03-23, linux-michae...@abwesend.de linux-michae...@abwesend.de
wrote:
Hello Sven and the other,
thanks for help.
I thought there is a simple and secure way to redirect to an 'This
Site has been blocked' Page for HTTP and HTTPS. But when I must
destroy the safety from HTTPS this
Hello Sven and the other,
thanks for help.
I thought there is a simple and secure way to redirect to an 'This Site has
been blocked' Page for HTTP and HTTPS. But when I must destroy the safety from
HTTPS this isn't an option.
It is a nice to have feature in my project, so the user can see
Hello Liam,
thanks for the hint, but the error page I get is a browser error page (it's the
connection failed error page) and not a squid error page.
--
Michael
Liam O'Toole liam.p.oto...@gmail.com wrote:
On 2015-03-23, linux-michae...@abwesend.de linux-michae...@abwesend.de
wrote:
Hello again,
I tested around a bit with squid3+squidguard and I found out that the
redirect works with the Internet Explorer (IE 11).
Then I tested some other browser (firefox, chrome, ..) and with all the
other browser the redirect didn't work.
Is there a bug in the Internet Explorer or
Sven Hartge wrote:
Michael I. wrote:
Is there really no way to redirect https request to an errorpage with
squid3+squidguard?
Short answer: No, there is not.
+1, No there is not for the reasons Sven described.
Long answer: The only way is to setup a transparent proxy, intercepting
any
Hello list,
I have a problem with my squid3 + squidguard. I can't redirect https
requests to an errorpage. When I request a blocked https page it always
says the site isn't available.
I searched on the internet an there it says, it is an problem with the
https protocol because https
Michael I. linux-michae...@abwesend.de wrote:
I have a problem with my squid3 + squidguard. I can't redirect https
requests to an errorpage. When I request a blocked https page it
always says the site isn't available.
I searched on the internet an there it says, it is an problem
Bob Proulx b...@proulx.com wrote:
Sven Hartge wrote:
Michael I. wrote:
Is there really no way to redirect https request to an errorpage
with squid3+squidguard?
Long answer: The only way is to setup a transparent proxy,
intercepting any outbound connection and terminating the encryption
on
41 matches
Mail list logo