Dansguardian "SSL man in the middle Filtering" option
So I'm confused about something. I wanted to get Dansguardian up an running (yes I know it isn't being developed anymore), but from what I've seen I haven't found a better free solution. What I'm really looking to find is a solution to do SSL individual page keyword weighted filtering. I installed squid version 2.7 legacy branch and dansguardian and see an option for "SSL man in the middle Filtering." My questions are:
1. Does this option work? If so, what do I need to do to configure it? I already created a self signed cert and cert authority and selected them from the Dansguardian options on the General tab and saved the settings. However, when I try to test if it's working searching google (using https) for a keyword that should be blocked, the page doesn't get blocked like it does on non-ssl pages. So obviously I'm doing something wrong. Any ideas?
2. If this feature does work, which version of squid should I be using? I noticed a message in Packages for Squid3 saying "WARNING! This package bundles ClamAV that conflicts with 'Dansguardian'." B/c of that warning I went with the legacy branch of squid, but I'm pretty sure I've read somewhere that the legacy branch of squid doesn't support SSL. So I'm confused which version of squid to use (and what I'm doing wrong if I'm on the right version of squid) to get the SSL man in the middle filtering option working.
Can anyone help to shed some light on this?
If you don't care about AV being broken, you are probably fine with Squid 3.4. With Squid 2.7, you won't get any access denied error page, since you need SSL interception working. You'll just get a browser error if something is blocked. As for why'd it NOT blocked, I'd suggest searching this forum. The DG thing is dead, been unmaintained for considerable time and noone will do any fixes there.
You can check the E2G thread, however the AV suffers from the same conflicts problem. ClamAV just needs to be a completely separate package shared b/w whatever uses it – which is not doable before 2.3.
Thanks for the reply. I can live without antivirus, so I'll give that a try with the newer version of squid. I had thought that error message meant Dansguardian wouldn't work.
You can check the E2G thread, however the AV suffers from the same conflicts problem.
Isn't E2G URL only filtering - not weighted keyword like Dansguardian? I had looked at it briefly but thought it wouldn't do weighted keywords like Dansguardian. Perhaps I'm mistaken?
No idea. I'm not censoring my internet. :P