Koozali.org: home of the SME Server

Dansguardian does not block HTTPS

bas
Dansguardian does not block HTTPS
« on: January 21, 2005, 01:44:04 PM »
A few weeks ago I started testing Dansguardian. Now I discovered that https: connections pass the banned list.
Who can help me change this so all https and http traffic gets the same blocks?

CharlieBrady
Re: Dansguardian cannot block HTTPS
« Reply #1 on: January 21, 2005, 08:25:51 PM »
Quote from: "bas"
A few weeks ago I started testing Dansguardian. Now I discovered that https: connections pass the banned list.
Who can help me change this so all https and http traffic gets the same blocks?


I don't see how dansguardian could selectively block https traffic. The whole point of https traffic is that the content of the traffic (including the exact URL visited) is a secret between the browser and the destination webserver. And that the browser knows that it is talking to the real destination webserver, not some imposter who is intercepting the traffic.

wallyrp

Dansguardian does not block HTTPS
« Reply #2 on: January 21, 2005, 08:44:52 PM »
Good Afternoon,

This has been discussed in this thread at length:

http://forums.contribs.org/index.php?topic=9062.msg34284#msg34284

The only thing I can think of is that the URL can be blocked based on the initial request that begins the session, if that makes sense. Regarding any other method, I'm not aware of them. There are supposedly filters out there that packet sniff but they are terribly expensive and not effective based on my experiences.

My friend and I discussed this at length as we deal with many schools regarding filters and the like. Our conclusion is to totally block https for all users during business hours or permanently for everyone with very few exceptions. I haven't done this yet but I'm about there as I have separate filters for the students and the staff. Both filters require authentication to log activity. If there are any other suggestions, I'm open for ideas.
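
What an explicit forward proxy can and cannot match on, as an added example that is not part of any post in this thread: for HTTPS the browser sends the proxy only `CONNECT host:port`, so whole-site rules still apply while URL-path rules cannot be evaluated. The ban lists, function names and request lines are constructed for illustration and are not DansGuardian's own list format or code.

```python
from urllib.parse import urlsplit

# Constructed ban lists (hypothetical entries, not DansGuardian's file format).
BANNED_SITES = {"games.example"}        # whole-host rules
BANNED_URLS = {"portal.example/chat"}   # host + path-prefix rules

def visible_target(request_line):
    """Return (host, path) as a forward proxy sees it; path is None for CONNECT."""
    method, target, _version = request_line.split()
    if method.upper() == "CONNECT":
        # HTTPS via proxy: only "host:port" is sent in clear; the URL is inside TLS.
        host = target.rsplit(":", 1)[0]
        return host.lower(), None
    parts = urlsplit(target)  # plain HTTP via proxy: the absolute URL is visible
    return (parts.hostname or "").lower(), parts.path or "/"

def host_banned(host):
    """Match the host itself or any subdomain of a banned site."""
    return any(host == s or host.endswith("." + s) for s in BANNED_SITES)

def decide(request_line):
    host, path = visible_target(request_line)
    if host_banned(host):
        return "block"
    if path is None:
        # A tunnel carries no path; flag hosts whose path rules are silently skipped.
        if any(u.split("/", 1)[0] == host for u in BANNED_URLS):
            return "allow (path rule not enforceable)"
        return "allow"
    if any((host + path).startswith(u) for u in BANNED_URLS):
        return "block"
    return "allow"

# Constructed request lines, as a browser would send them to an explicit proxy.
SAMPLES = [
    "GET http://portal.example/chat/room1 HTTP/1.1",
    "CONNECT portal.example:443 HTTP/1.1",
    "GET http://www.games.example/ HTTP/1.1",
    "CONNECT www.games.example:443 HTTP/1.1",
    "CONNECT bank.example:443 HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{decide(line):35} {line}")
```

The second sample is the case from the first post: the same page that is blocked over HTTP passes over HTTPS because the proxy never sees the path.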