10-11-2017, 07:27 PM
Wish my memory was better but scrapped the idea of squid / dansguardian as been round this one before squid / dansguardian is completely useless unless you use MITM ssl filetering.
My vague memory sparked a community centre I once had squid / dansguardian and the realization that kids no what https is and also anonymous proxies, the URL filter was always playing catch up and got ditched because of needed admin time (blacklist / whitelist requests) all the time.
Also because we where public and had open sessions there was such a huge grey area in privacy that even if technically feasible, legally ssl filtering definitely is not depending on environment if there is no user signature.
I have a MS type illness that plays havoc with my memory and others and it took a while to remember why I abandoned this and had an opinion http / url filtering is pretty damn pointless server wise.
The kids that frequented the center knew the anonymous proxies and the dans/squid just seemed to encourage a few to show how clever they where.
Twas a complete failure.
If you are going to do MITM then boy do you need something with some meat to be encrypting / decrypting & filtering volume user ssl and started seeing many implementations as pure snake oil of no worth.
Best way to do it would have internal nat with a dedicated mitm proxy & filter but the whole self issuing certificate distribution is a complete pia and thinking scrap that idea.
Anyone with more recent or contary experience as its almost 5 years ago I had a Zentyal server being a relative failure for filtering.
My vague memory sparked a community centre I once had squid / dansguardian and the realization that kids no what https is and also anonymous proxies, the URL filter was always playing catch up and got ditched because of needed admin time (blacklist / whitelist requests) all the time.
Also because we where public and had open sessions there was such a huge grey area in privacy that even if technically feasible, legally ssl filtering definitely is not depending on environment if there is no user signature.
I have a MS type illness that plays havoc with my memory and others and it took a while to remember why I abandoned this and had an opinion http / url filtering is pretty damn pointless server wise.
The kids that frequented the center knew the anonymous proxies and the dans/squid just seemed to encourage a few to show how clever they where.
Twas a complete failure.
If you are going to do MITM then boy do you need something with some meat to be encrypting / decrypting & filtering volume user ssl and started seeing many implementations as pure snake oil of no worth.
Best way to do it would have internal nat with a dedicated mitm proxy & filter but the whole self issuing certificate distribution is a complete pia and thinking scrap that idea.
Anyone with more recent or contary experience as its almost 5 years ago I had a Zentyal server being a relative failure for filtering.
