Hello,
Can the Squid web proxy be configured to filter URLs without requiring a certificate installation on client devices?
I've successfully set it up with a manually imported certificate, but I'm curious if Squid can perform URL filtering like some commercial firewalls do, without needing to install a certificate on the endpoints.
Thanks in advance!
Last edited by geometry dash 3d (https://geometrydash3d.com) two days ago
With explicit proxy configuration on the client, yes. Transparently, no.
@bryanjones: No firewall can do that, unless you configure the client to use a specific proxy. If they claim that they can, they are selling snake oil. The best they could do is to do DNS-based filtering, which is limited to the host part of the URL.
The very principle of traffic introspection relies on breaking up the encrypted traffic, thus presenting a fake certificate to the client which it must trust. If you cannot make all of your clients do that, you are out of luck.