[ previous ] [ next ] [ threads ]
 
 From:  SDamron <sdamron at gmail dot com>
 To:  "Don Munyak" <don dot munyak at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] dansguardian squid transparent proxy rdr
 Date:  Wed, 27 Dec 2006 12:44:25 -0600
Yeah, and you can't.  If you do not want them to be able to surf their
bank accounts, or check their web based email using SSL, they you
either block SSL (port 443) or you block specific sites, one or the
other.  I work for a company where we have over 60 proxy servers which
feed upstream to a reverse proxy, and we have to do it the same way,
there is no way to filter anything that is connected using SSL, you
either block SSL, or the sites.

On 12/27/06, Don Munyak <don dot munyak at gmail dot com> wrote:
> ---------- Forwarded message ----------
> From: SDamron <sdamron at gmail dot com>
> Date: Dec 27, 2006 1:17 PM
> Subject: Re: [m0n0wall] dansguardian squid transparent proxy rdr
> To: Don Munyak <don dot munyak at gmail dot com>
> Cc: m0n0wall at lists dot m0n0 dot ch
>
>
> You would need to use a list to block that type of thing.  That is one
> of the major reasons that companies make money from selling content
> filtering solutions, they spend A LOT of TIME compiling the lists for
> blocking, say, All web based email, etc.  If you wanted to block say
> something like GMail, you would just block *.gmail.com, or
> *.gmail.google.com, or some such thing.
>
>
> SDamron,
>
> Filtering by domain, ip, phraselist ins't really the issue, although I
> appreciate your feedback.
>
> When a user on the LAN requests a page via http(80), m0n0wall
> redirects that request to the server on the DMZ. The server on the DMZ
> then approves or blocks the request. If approved, the server then acts
> as a proxy for all communication between client request and public
> server response.
>
> Currently, all https( 443) requests are not redirected to the server
> on the DMZ. The "how to make this happen" was my question, in terms of
> m0n0wall.
>
> Don
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>


-- 
-------------------------------
A fight to the death between zombies has a few inherent problems.