similar to: Squid and HTTPS interception on CentOS 7 ?

Am 05.03.2018 um 13:04 schrieb Nicolas Kovacs <info at microlinux.fr>: > > Le 28/02/2018 ? 22:23, Nicolas Kovacs a ?crit : >> So far, I've only been able to filter HTTP. >> >> Do any of you do transparent HTTPS filtering ? Any suggestions, >> advice, caveats, do's and don'ts ? > > After a week of trial and error, transparent HTTPS filtering

On 03/05/18 08:34, Bill Gee wrote: > > On Monday, March 5, 2018 7:23:53 AM CST Leon Fauster wrote: >> Am 05.03.2018 um 13:04 schrieb Nicolas Kovacs <info at microlinux.fr>: >>> Le 28/02/2018 ? 22:23, Nicolas Kovacs a ?crit : >>>> So far, I've only been able to filter HTTP. >>>> >>>> Do any of you do transparent HTTPS filtering ?

> Am 05.03.2018 um 15:34 schrieb Bill Gee <bgee at campercaver.net>: > > > On Monday, March 5, 2018 7:23:53 AM CST Leon Fauster wrote: >> Am 05.03.2018 um 13:04 schrieb Nicolas Kovacs <info at microlinux.fr>: >>> Le 28/02/2018 ? 22:23, Nicolas Kovacs a ?crit : >>>> So far, I've only been able to filter HTTP. >>>>

Nice, thanks for sharing. You could probably just drop your CA cert in the filesystem and run a couple of commands to get it imported, rather than having to import the CA in the browsers individually. You could probably deliver it via yum/rpm or better yet, ansible or even some shell script. -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro ----- Original Message -----

Le 08/03/2018 ? 11:30, hw a ?crit : > The government says you must use squidguard to filter something? The law in France (Code P?nal, article 227-24) states that a public network is not allowed to broadcast messages containing violence, pornography or any content contrary to basic human dignity, which is theoretically punishable with three years of prison or a 75.000 ? fee. So any network

On 03/05/18 06:34, Nicolas Kovacs wrote: > Le 05/03/2018 ? 13:30, Nux! a ?crit : >> You could probably just drop your CA cert in the filesystem and run a >> couple of commands to get it imported, rather than having to import >> the CA in the browsers individually. You could probably deliver it >> via yum/rpm or better yet, ansible or even some shell script. > > I

Le 08/03/2018 ? 17:15, hw a ?crit : > But you aren?t broadcasting messages, or are you? > > If they mean something like "make data accessible", the only way to > be compliant with such a law is by not providing public access. How > do you distinguish between things that are contrary to basic human > dignity and things that aren?t, and how do you keep track of all >

On 2018-02-28 06:23 PM, Nicolas Kovacs wrote: > Hi, > > I've been running Squid successfully on CentOS 7 (and before that on 6 > and 5), and it's always been running nicely. I've been using it mostly > as a transparent proxy filter in school networks. > > So far, I've only been able to filter HTTP. > > Do any of you do transparent HTTPS filtering ? Any

Le 28/02/2018 ? 22:32, Itamar Reis Peixoto a ?crit?: > I recommend everyone in France to spend their money on a school with > free internet. I'm not sure I understand. Our students sure don't pay for accessing the Internet. > > please tell us the name of your school's. https://www.scholae.fr/ > > the https exist's because we want freedom and privacy on

Le 06/03/2018 ? 18:48, hw a ?crit?: > And how do you get a list of IPs from which data could be retrieved > which the students are not supposed to see? > > How is this done anyway, does the government give out a list of URLs > or IPs which you are required to block?? If not, what if you overlook > something? Here's some information.

Le 28/02/2018 ? 22:23, Nicolas Kovacs a ?crit : > So far, I've only been able to filter HTTP. > > Do any of you do transparent HTTPS filtering ? Any suggestions, > advice, caveats, do's and don'ts ? After a week of trial and error, transparent HTTPS filtering works perfectly. I wrote a detailed blog article about it. https://blog.microlinux.fr/squid-https-centos/

Leon Fauster wrote: > Am 05.03.2018 um 13:04 schrieb Nicolas Kovacs <info at microlinux.fr>: >> >> Le 28/02/2018 ? 22:23, Nicolas Kovacs a ?crit : >>> So far, I've only been able to filter HTTP. >>> >>> Do any of you do transparent HTTPS filtering ? Any suggestions, >>> advice, caveats, do's and don'ts ? >> >> After a

Hi, Some time ago one of my public servers (running Slackware64 14.0) got attacked and was misused to send phishing emails. This misadventure made me more concerned about security, so I spent the last few weeks catching up on security, reading docs about SELinux and how to use it, etc. I have a public sandbox server running CentOS 7, and I'm currently experimenting quite a lot with Apache

On Monday, March 5, 2018 7:23:53 AM CST Leon Fauster wrote: > Am 05.03.2018 um 13:04 schrieb Nicolas Kovacs <info at microlinux.fr>: > > Le 28/02/2018 ? 22:23, Nicolas Kovacs a ?crit : > >> So far, I've only been able to filter HTTP. > >> > >> Do any of you do transparent HTTPS filtering ? Any suggestions, > >> advice, caveats, do's and

Am 11.03.2018 um 11:53 schrieb Nicolas Kovacs <info at microlinux.fr>: > > I've experimented some more, and I have a partial success. Here, I'm > redirecting all HTTPS traffic *except* the one that goes to my bank: > > iptables -A PREROUTING -t nat -i $IFACE_LAN -p tcp ! -d > www.credit-cooperatif.coop --dport 443 -j REDIRECT --to-port 3129 > > This works

Hi, I've been working with Squid + SquidGuard for a few years, though only on Slackware. I'm currently transferring my proxy expertise to CentOS 7, and right now I'm having a little problem with that. Squid works perfectly so far as a transparent HTTP + HTTPS cache proxy. The next step is to add SquidGuard, so I installed it and edited the most basic /etc/squid/squidGuard.conf file

On Wed, Feb 28, 2018 at 10:23:31PM +0100, Nicolas Kovacs wrote: > Hi, > > I've been running Squid successfully on CentOS 7 (and before that on 6 > and 5), and it's always been running nicely. I've been using it mostly > as a transparent proxy filter in school networks. > > So far, I've only been able to filter HTTP. > > Do any of you do transparent

Hi, I recently migrated my office's server from Slackware64 14.1 to CentOS 7. Right now I'm in the process of configuring the Squid web proxy. I edited the default /etc/squid/squid.conf, and here's what I have so far: --8<-------------------------------------------------- # /etc/squid/squid.conf # Nom d'h?te du serveur Squid visible_hostname amandine.microlinux.lan #

Hi, I've setup a transparent HTTP+HTTPS proxy on my server running CentOS 7, using Squid. Here's my configuration file. --8<---------------------------------------------------------------- # /etc/squid/squid.conf # D?finitions acl localnet src 192.168.2.0/24 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port

Hi, I'm currently facing a quite tricky problem. Here goes. I have setup Squid as a transparent HTTP+HTTPS proxy in my local network. All web traffic gets handed over to Squid by an iptables script on the server. Here's the relevant section in /etc/squid/squid.conf: --8<------------------------------------------------------------- # Ports du proxy http_port 3130 http_port 3128