natd, ipfw, squid, dansguardian

Peter Rosa prosa at pro.sk
Fri Jan 26 13:52:08 CET 2007

Previous message: natd, ipfw, squid, dansguardian
Next message: natd, ipfw, squid, dansguardian
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Zdravim,

>> tak ho pouzije aj pre https. DG vytvori akysi "tunel", ktorym https
>> prechadza transparentne, pricom stale prebieha kontrola adries a
>> stahovanych suborov.
> 
> 	To tezko, kdyz HTTPS komunikace je end-to-end sifrovana ...

naozaj to tak funguje, vyskusal som to. Ked v prehliadaci nastavim
proxy, a zaroven na gateway spustim tail -f /var/log/dans.log, tak
sa vypisuje, ze IPcka x.y.z.v pristupuje na http://a.b.c/d.htm,
ale aj https://e.f.g/h.aspx...

Neviem, ako to DG vidi (iba ak odsleduje vymenu klucov hned na zaciatku
komunikacie; alebo adresy v https protokole nie su sifrovane, obsah
komunikacie ano).

No, ale spat k problemu - vyzera to tak, ze najjednoduchsie bude 
nastavit firewall, aby to blokoval, ked sa ide na priamo.

Skoda, dufal som v neviditelne riesenie :-)


Prajem prijemny den,

Peter Rosa

Previous message: natd, ipfw, squid, dansguardian
Next message: natd, ipfw, squid, dansguardian
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users-l mailing list