Agreed - This is how I do it. I use Tinyproxy and DG. I block all web
access with M0n0 except for the proxy server. Then I use automatic
browser configuration (google wpad and proxy.pac).

I also output the log files in squid format and use a program called
"srg" which is run every 15 minutes as a cron job so that I can check up
on what the users are surfing.

I love it! My users hate it ;-)

> You need to use the proxy by configuring your clients to use it, and not
> using an intercepting proxy. When the browsers are configured for the
> proxy they will send a CONNECT request. You will then be able to block
> based on the destination server (domain name or IP address), but you
> won't see the URL path at all.
> This means you still have a log of what server the user connected to but
> not exactly what they did whilst they were there. Which is the best
> you'll get without breaking the certificate chain and having the user
> prompted on each request (which is technically possible but really
> screws around with the authenticity of a secure connection).
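
To illustrate the point above about CONNECT requests, here is an added example (not part of the original messages, and not code from srg or any of the tools named) that parses squid-format log lines and shows that HTTPS entries expose only the destination host and port. The sample lines are constructed, the field order assumes Squid's native access.log layout, and `BLOCKED_SUFFIXES` is a hypothetical policy list.

```python
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log field order:
# time elapsed client result/status bytes method target ident peer type
SAMPLE_LOG = """\
1300000000.101    85 192.0.2.10 TCP_MISS/200 5120 GET http://www.example.org/news/today.html - DIRECT/198.51.100.7 text/html
1300000001.202   950 192.0.2.10 TCP_MISS/200 20480 CONNECT mail.example.com:443 - DIRECT/198.51.100.8 -
1300000002.303    12 192.0.2.11 TCP_DENIED/403 1024 CONNECT chat.blocked.example:443 - NONE/- text/html
1300000003.404   400 192.0.2.11 TCP_MISS/200 8192 CONNECT [2001:db8::5]:8443 - DIRECT/2001:db8::5 -
truncated line
"""
BLOCKED_SUFFIXES = ("blocked.example",)  # hypothetical policy list

def is_blocked(host):
    """Match the host itself or any subdomain of a blocked suffix."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in BLOCKED_SUFFIXES)

def parse_line(line):
    """Return one record, or None when the line is malformed."""
    fields = line.split()
    if len(fields) < 7:
        return None
    client, method, target = fields[2], fields[5], fields[6]
    if method == "CONNECT":
        # CONNECT carries only host:port; the URL path stays inside TLS.
        host, _, port = target.rpartition(":")
        if not host or not port.isdigit():
            return None
        host, port, path = host.strip("[]"), int(port), None
    else:
        parts = urlsplit(target)
        if not parts.hostname:
            return None
        host, port, path = parts.hostname, parts.port or 80, parts.path
    return {"client": client, "method": method, "host": host,
            "port": port, "path": path, "blocked": is_blocked(host)}

def parse_log(text):
    """Return (records, number of malformed lines skipped)."""
    parsed = [parse_line(l) for l in text.splitlines() if l.strip()]
    records = [r for r in parsed if r is not None]
    return records, len(parsed) - len(records)

if __name__ == "__main__":
    for r in parse_log(SAMPLE_LOG)[0]:
        print(r["client"], r["method"], r["host"], r["path"] or "(path not visible)", r["blocked"])
```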