[squid-users] Transparent SSL allowed list. If not possible with squid, would it be possible other ways?

From: Matthew Young <myoung24866_at_gmail.com>
Date: Thu, 29 Oct 2009 13:14:13 -0500

Hello,

I've been advised by Amos in past postings that having transparent SSL
manipulation with SQUID is not possible, agreed. However I need to be
able to _somehow_ have an allowed list of ssl sites specific to each
LAN user (based on private IP or MAC) that he/she can access. Again
this has to be with squid configured as transparent, and not with a
pac file or settings in a browser.

If squid definitely cannot help here, I thought of a way to then take
my list of SSL enabled sites (gmail.com for example) and resolve the
domain to an IP and then add it in a firewall so that X user has
access to port 443 on that firewall. However the downside to this is
that if gmail changes the IP (which they will) the firewall rule which
is static would need an update.

Another, a lot more complicated way would be for a packet sniffer on the
outgoing DNS connection soliciting the access to an enabled ssl site
and then immediately create a firewall rule for that.

What is the best practice?

Thank you.

- Andres
Received on Thu Oct 29 2009 - 18:14:20 MDT
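
The firewall approach described in the message, with its stale-IP problem handled by periodic re-resolution, as an added example that is not part of the original post or of Squid. It assumes a Linux gateway with `ipset` and `iptables`; the policy table, set naming scheme and use of the FORWARD chain are hypothetical.

```python
import ipaddress
import socket

# Constructed sample policy: LAN client IP -> HTTPS hostnames it may reach.
ALLOWED = {
    "192.168.1.10": ["gmail.com", "example.org"],
    "192.168.1.11": ["example.org"],
}

def resolve_ipv4(host):
    """IPv4 addresses the local resolver currently returns for host."""
    try:
        infos = socket.getaddrinfo(host, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []  # unresolvable name adds nothing, so access fails closed
    return sorted({info[4][0] for info in infos})

def set_name(client_ip):
    """Hypothetical naming scheme (ipset names are limited to 31 characters)."""
    return "allow443_" + client_ip.replace(".", "_")

def build_restore(policy, resolver=resolve_ipv4):
    """Text for `ipset -exist restore`: refill a temp set, then swap it in."""
    lines = []
    for client, hosts in sorted(policy.items()):
        ipaddress.IPv4Address(client)  # raises ValueError on a malformed entry
        live, tmp = set_name(client), set_name(client) + "_tmp"
        addrs = sorted({ip for h in hosts for ip in resolver(h)},
                       key=ipaddress.IPv4Address)
        lines += [f"create {live} hash:ip family inet",
                  f"create {tmp} hash:ip family inet",
                  f"flush {tmp}"]
        lines += [f"add {tmp} {ip}" for ip in addrs]
        lines += [f"swap {tmp} {live}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"

def iptables_rules(policy):
    """One static rule per client; only the set contents change afterwards."""
    return [f"iptables -A FORWARD -s {c} -p tcp --dport 443 "
            f"-m set --match-set {set_name(c)} dst -j ACCEPT"
            for c in sorted(policy)]

if __name__ == "__main__":
    print(build_restore(ALLOWED), end="")
```

The output is meant to be piped to `ipset -exist restore` from cron at an interval shorter than the DNS TTLs involved, with the `iptables` rules installed once ahead of a rule that drops other port 443 traffic. Large sites return different addresses to different resolvers, so this only holds if the LAN clients resolve through the same resolver as the gateway.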
