Web filtering HTTPS without MITM

Started by Deku2, April 27, 2021, 02:06:05 AM

I want to use the web proxy filtering for SSL without doing the entire CA SSL MITM.  I don't need to inspect, cache or authenticate anything.  I just want to block people from going to YouTube and social media sites.  That shouldn't require me doing anything within SSL.  However, I can't get it to work.  When I do the transparent proxy forward on the SSL port, it just breaks the internet.

Help please.
Thanks.

The only part of an HTTPS connection that is cleartext is the DNS lookup. Don't bother with a transparent proxy; set youtube.com etc. on your DNS server to point to 127.0.0.1 instead, and block your clients from using internet DNS servers with a firewall rule.

Beware that this will only stop casual users and will still let URL shortening services through.

Bart...

Thanks, I'm trying to move to the Unbound DNS via DNSBL, but the lists are not as extensive as those for the proxy.  If I wanted to block all video streaming sites, it would be a very difficult task via DNSBL.  I just can't find good lists like you can with Squid.

If you have a URL list, run a script to pick out the FQDNs and add those to a DNS block list.

You're obviously running the risk of false positives (e.g. http://interesting.site.com/video) and you'll miss any IP address links in the Squid list. You'd need to add those to an alias you block on a firewall rule.

Bart...
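The conversion Bart describes (pick the FQDNs out of a Squid-style list, feed them to Unbound, and keep the IP entries aside for a firewall alias) as an added example; this is not code from either poster. It assumes the list mixes the entry styles Squid accepts (bare domains, `.domain` wildcards, `host:port`, full URLs, bare IPs), a constructed sample is embedded inline, and it emits Unbound `local-zone`/`local-data` lines that point each name at 127.0.0.1 as suggested above. Entries that carried a URL path are flagged separately because, once reduced to a hostname, they block the whole site rather than the one page.

```python
"""Turn a Squid-style block list into Unbound local-zone entries (added example)."""
import ipaddress
from urllib.parse import urlsplit

# Constructed sample mixing the entry styles found in Squid block lists.
SAMPLE_LIST = """
# comment line
youtube.com
.facebook.com
https://www.tiktok.com/
http://interesting.site.com/video
203.0.113.10
http://198.51.100.7:8080/stream
twitter.com:443
"""


def _split_host(entry):
    """Return (hostname, had_path) for one list entry."""
    if "://" in entry:
        parts = urlsplit(entry)
        host = parts.hostname or ""
        # Anything beyond "/" means the list meant one page, not the whole site.
        had_path = parts.path not in ("", "/") or bool(parts.query)
    else:
        # Bare "host", Squid dstdomain wildcard ".host", or "host:port".
        host = entry.lstrip(".")
        if host.count(":") == 1:          # host:port, but leave IPv6 literals alone
            host = host.split(":", 1)[0]
        had_path = False
    return host.lower().rstrip("."), had_path


def classify_entries(text):
    """Split list text into FQDNs (for DNS), IP literals (for a firewall alias)
    and the original entries that had a URL path (candidate false positives)."""
    fqdns, ips, path_entries = set(), set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        host, had_path = _split_host(line)
        if not host:
            continue
        try:
            # DNS sinkholing cannot stop a client that dials an IP directly;
            # those entries need to go on a firewall alias instead.
            ips.add(str(ipaddress.ip_address(host)))
            continue
        except ValueError:
            pass
        if had_path:
            path_entries.append(line)
        fqdns.add(host)
    return fqdns, ips, path_entries


def unbound_local_zones(fqdns, sink="127.0.0.1"):
    """Render Unbound config: a 'redirect' zone answers the name and every
    subdomain from the local data, so '.facebook.com' wildcards are covered."""
    lines = []
    for name in sorted(fqdns):
        lines.append(f'local-zone: "{name}." redirect')
        lines.append(f'local-data: "{name}. A {sink}"')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    names, addrs, review = classify_entries(SAMPLE_LIST)
    print(unbound_local_zones(names))
    print("# firewall alias members:", ", ".join(sorted(addrs)))
    print("# review (whole site will be blocked):", review)
```

Drop the rendered lines into a file included from the `server:` section of unbound.conf and reload; the IP list goes into whatever alias your firewall rule uses. As Bart notes, none of this helps unless clients are also prevented from reaching outside resolvers, so the firewall rule blocking other DNS servers is part of the setup, not an optional extra.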