> From: James Bensley [mailto:jwbens...@gmail.com]
> Sent: Tuesday, March 22, 2011 13:36
> To: support@pfsense.com
> Subject: Re: [pfSense Support] can't block https://facebook.com via firefox
>
> I don't believe you can filter https traffic, can you?
> I know squid won't cache it, it can't, it's encrypted! Obviously the
> URL isn't encrypted but the content is, so maybe you can filter
> it, but I'm not sure. I don't think HAVP supports scanning https
> content either.
The URL is encrypted. The only information you have at the pf level is IP address and port. The HTTP GET request is only transmitted after SSL/TLS channel setup.

It is possible to determine what the CN of the certificate at that IP address is - either in an out-of-band process or by snooping on the TLS exchange - but AFAIK pfSense doesn't provide any way to do that.

Some commercial firewalls (Fortigate, most notably) claim to filter HTTPS. I'm still a bit unclear on how they manage to break SSL that thoroughly even with what amounts to a MitM attack...

-Adam

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org