Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Dansguardian "SSL man in the middle Filtering" option

    Cache/Proxy
    2
    4
    1.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jkrueger2020
      last edited by

      So I'm confused about something. I wanted to get Dansguardian up an running (yes I know it isn't being developed anymore), but from what I've seen I haven't found a better free solution. What I'm really looking to find is a solution to do SSL individual page keyword weighted filtering. I installed squid version 2.7 legacy branch and dansguardian and see an option for "SSL man in the middle Filtering." My questions are:

      1. Does this option work? If so, what do I need to do to configure it? I already created a self signed cert and cert authority and selected them from the Dansguardian options on the General tab and saved the settings. However, when I try to test if it's working searching google (using https) for a keyword that should be blocked, the page doesn't get blocked like it does on non-ssl pages. So obviously I'm doing something wrong. Any ideas?

      2. If this feature does work, which version of squid should I be using? I noticed a message in Packages for Squid3 saying "WARNING! This package bundles ClamAV that conflicts with 'Dansguardian'." B/c of that warning I went with the legacy branch of squid, but I'm pretty sure I've read somewhere that the legacy branch of squid doesn't support SSL. So I'm confused which version of squid to use (and what I'm doing wrong if I'm on the right version of squid) to get the SSL man in the middle filtering option working.

      Can anyone help to shed some light on this?

      Thanks!

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned
        last edited by

        If you don't care about AV being broken, you are probably fine with Squid 3.4. With Squid 2.7, you won't get any access denied error page, since you need SSL interception working. You'll just get a browser error if something is blocked. As for why'd it NOT blocked, I'd suggest searching this forum. The DG thing is dead, been unmaintained for considerable time and noone will do any fixes there.

        You can check the E2G thread, however the AV suffers from the same conflicts problem. ClamAV just needs to be a completely separate package shared b/w whatever uses it – which is not doable before 2.3.

        1 Reply Last reply Reply Quote 0
        • J
          jkrueger2020
          last edited by

          Thanks for the reply. I can live without antivirus, so I'll give that a try with the newer version of squid. I had thought that error message meant Dansguardian wouldn't work.

          @doktornotor:

          You can check the E2G thread, however the AV suffers from the same conflicts problem.

          Isn't E2G URL only filtering - not weighted keyword like Dansguardian? I had looked at it briefly but thought it wouldn't do weighted keywords like Dansguardian. Perhaps I'm mistaken?

          1 Reply Last reply Reply Quote 0
          • D
            doktornotor Banned
            last edited by

            No idea. I'm not censoring my internet. :P

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.