[ previous ] [ next ] [ threads ]
 
 From:  "Don Munyak" <don dot munyak at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Fwd: [m0n0wall] dansguardian squid transparent proxy rdr
 Date:  Wed, 27 Dec 2006 15:35:22 -0500
---------- Forwarded message ----------
From: SDamron <sdamron at gmail dot com>
Date: Dec 27, 2006 1:44 PM
Subject: Re: [m0n0wall] dansguardian squid transparent proxy rdr
To: Don Munyak <don dot munyak at gmail dot com>
Cc: m0n0wall at lists dot m0n0 dot ch


Yeah, and you can't.  If you do not want them to be able to surf their
bank accounts, or check their web based email using SSL, they you
either block SSL (port 443) or you block specific sites, one or the
other.  I work for a company where we have over 60 proxy servers which
feed upstream to a reverse proxy, and we have to do it the same way,
there is no way to filter anything that is connected using SSL, you
either block SSL, or the sites.


What a monkey-nut I is :)

After I re-read this a few times it occurred to me that even if I
could redirect the ssl connection, the simple fact that the connection
is encrypted would prevent dansguardian from filtering the packet
details.

Thanks SDamron

Don