Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Ssl filtering transparent and non-transparent

    Scheduled Pinned Locked Moved Bounties
    63 Posts 11 Posters 40.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • marcellocM
      marcelloc
      last edited by

      Anyone interested in it?

      I'm trying to fix dansguardian code to support it.

      Treinamentos de Elite: http://sys-squad.com

      Help a community developer! ;D

      1 Reply Last reply Reply Quote 0
      • N
        Nachtfalke
        last edited by

        I would be interested in such a feature but I need to use it with squid + squidguard ;-)

        1 Reply Last reply Reply Quote 0
        • marcellocM
          marcelloc
          last edited by

          @Nachtfalke:

          I would be interested in such a feature but I need to use it with squid + squidguard ;-)

          I'll start tests with squid too.  ;)

          Treinamentos de Elite: http://sys-squad.com

          Help a community developer! ;D

          1 Reply Last reply Reply Quote 0
          • marcellocM
            marcelloc
            last edited by

            On squid, it works!  ;D

            with interception disabled

            1359780382.176      0 172.16.3.65 NONE/000 0 CONNECT ssl.gstatic.com:443 - HIER_NONE/- -
            1359780382.474      0 172.16.3.65 NONE/000 0 CONNECT www.gstatic.com:443 - HIER_NONE/- -
            
            

            with interception enabled squid logs https url request.

            1359779615.201     19 172.16.3.65 TCP_MISS/304 316 GET https://www.google.com.br/images/nav_logo117.png - HIER_DIRECT/74.125.234.191 -
            1359779615.263     71 172.16.3.65 TCP_MISS/304 224 GET https://www.google.com.br/xjs/_/js/s/c,sb,cr,cdos,vm,tbui,mb,wobnm,klc,kat,esp,bihu,kp,lu,m,amcl,erh,hv,lc,ob,rsn,sf,sfa,shb,tbpr,hsm,j,p,pcc,csi/rt=j/ver=rXkZsHYxGmc.en_US./am=BA/d=1/sv=1/rs=AItRSTPxL_E1JO7l3HoY7bnG_Sb4_ggcyw - HIER_DIRECT/74.125.234.191 -
            1359779615.434      0 172.16.3.65 NONE/000 0 CONNECT www.google.com.br:443 - HIER_NONE/- -
            1359779615.511      0 172.16.3.65 NONE/000 0 CONNECT www.gstatic.com:443 - HIER_NONE/- -
            1359779615.523     17 172.16.3.65 TCP_MISS/304 224 GET https://www.google.com.br/xjs/_/js/s/sy8,gf,tng,sy43,sy56,sy44,sy59,sy37,sy45,sy94,sy6,sy36,sy38,sy64,sy82,sy93,sy106,sy107,sy119,sy7,sy13,mbtt,wta/rt=j/ver=rXkZsHYxGmc.en_US./am=BA/d=0/sv=1/rs=AItRSTPxL_E1JO7l3HoY7bnG_Sb4_ggcyw - HIER_DIRECT/74.125.234.191 -
            1359779615.557      0 172.16.3.65 NONE/000 0 CONNECT www.google.com.br:443 - HIER_NONE/- -
            1359779615.713    154 172.16.3.65 TCP_MISS/204 303 GET https://www.google.com.br/csi? - HIER_DIRECT/74.125.234.191 image/gif
            
            

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

            1 Reply Last reply Reply Quote 0
            • N
              Nachtfalke
              last edited by

              which version of squid?
              Or does this work on both squid2 and squid3 ?

              1 Reply Last reply Reply Quote 0
              • marcellocM
                marcelloc
                last edited by

                @Nachtfalke:

                which version of squid?
                Or does this work on both squid2 and squid3 ?

                starts working on squid 3.1

                Treinamentos de Elite: http://sys-squad.com

                Help a community developer! ;D

                1 Reply Last reply Reply Quote 0
                • W
                  wheelz
                  last edited by

                  Are you talking about full content (not just connect host) using dansguardian for ssl including the dynamic certificate generation to avoid the security warnings?  I understand that the clients would have to trust my root via other means.  Also I'd need to keep all the current functionality that your squid3 package has.  If so I could put up $100 for this.

                  1 Reply Last reply Reply Quote 0
                  • marcellocM
                    marcelloc
                    last edited by

                    Yes, full content filtering. On squid3, full URL filtering with squidguard.  dansguardian will need more work as the source does not has a full working config.

                    Treinamentos de Elite: http://sys-squad.com

                    Help a community developer! ;D

                    1 Reply Last reply Reply Quote 0
                    • W
                      wheelz
                      last edited by

                      So yes, then I'd put up $100.  How much are you looking for to get dansguardian set up with it?

                      1 Reply Last reply Reply Quote 0
                      • W
                        wheelz
                        last edited by

                        Would this be easily adapted to IMspector as well?

                        1 Reply Last reply Reply Quote 0
                        • marcellocM
                          marcelloc
                          last edited by

                          @wheelz:

                          Would this be easily adapted to IMspector as well?

                          Imspector has already his working mitm function for jabber/ssl.

                          Treinamentos de Elite: http://sys-squad.com

                          Help a community developer! ;D

                          1 Reply Last reply Reply Quote 0
                          • marcellocM
                            marcelloc
                            last edited by

                            @wheelz:

                            So yes, then I'd put up $100.  How much are you looking for to get dansguardian set up with it?

                            First I need to get it working. The bounty could help me to speed up the process.

                            Treinamentos de Elite: http://sys-squad.com

                            Help a community developer! ;D

                            1 Reply Last reply Reply Quote 0
                            • W
                              wheelz
                              last edited by

                              @marcelloc:

                              @wheelz:

                              So yes, then I'd put up $100.  How much are you looking for to get dansguardian set up with it?

                              First I need to get it working. The bounty could help me to speed up the process.

                              Oh, I haven't done a bounty before.  I wasn't sure if you needed more people to put some money up first or not.  Is the $100 enough to be worth it for you to do it?  If so I can send it to you tomorrow.  If not then would I send to the escrow to see if we get some other people to get it high enough?  I know you already put a lot of work into your packages for free which is great.  I wish I had more to offer but I'm trying to get this set up for home so no company backed funds. :(

                              1 Reply Last reply Reply Quote 0
                              • marcellocM
                                marcelloc
                                last edited by

                                @wheelz:

                                I wasn't sure if you needed more people to put some money up first or not.  Is the $100 enough to be worth it for you to do it?  If so I can send it to you tomorrow.

                                It will be great if more sysadmin that needs this feature donate a value.
                                I'm not asking for a specific value, but how nice a ssl filtering feature will be on pfsense gui?
                                BTW If you have in mind that this donation is to help on development instead of be sure it will be fixed, you can send it to me.

                                Thanks for your help on it.

                                Treinamentos de Elite: http://sys-squad.com

                                Help a community developer! ;D

                                1 Reply Last reply Reply Quote 0
                                • W
                                  wheelz
                                  last edited by

                                  I asked about an escrow but I guess you have to have the full required amount before they will do an escrow.  However right now we don't have a goal for it.

                                  1 Reply Last reply Reply Quote 0
                                  • X
                                    xbipin
                                    last edited by

                                    i need this for squid and squidguard, dont require it much but will support development - $25

                                    bytheway the current squid in packages is 2.7.9 pkg v.4.3.3 so would this be also upgraded to 3?

                                    1 Reply Last reply Reply Quote 0
                                    • X
                                      xbipin
                                      last edited by

                                      on behalf of a client add another $25

                                      1 Reply Last reply Reply Quote 0
                                      • O
                                        Oliver_
                                        last edited by

                                        ssl filtering in a non-transparent network would be nice!
                                        but with HAVP or eq. Virus Scanning it would be a awesome!  ;D

                                        greetings Oli

                                        1 Reply Last reply Reply Quote 0
                                        • W
                                          wheelz
                                          last edited by

                                          marcelloc, could you give us a goal amount for this that would prioritize this feature set for you?

                                          1 Reply Last reply Reply Quote 0
                                          • marcellocM
                                            marcelloc
                                            last edited by

                                            @wheelz:

                                            marcelloc, could you give us a goal amount for this that would prioritize this feature set for you?

                                            The package is almost done, I'll ask for package compilation and publish.

                                            Treinamentos de Elite: http://sys-squad.com

                                            Help a community developer! ;D

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.