Sven Hartge wrote:
> Michael I. wrote:
> > Is there really no way to redirect https request to an error page with
> > squid3+squidguard?
>
> Short answer: No, there is not.

+1, No there is not for the reasons Sven described.

> Long answer: The only way is to set up a transparent proxy, intercepting
> any outbound connection and terminating the encryption on the proxy. You
> will need a fake CA certificate with which the proxy is able to create
> fake server certificates so the client still thinks it is connected to
> the real server.
>
> And here it gets a) dangerous and b) expensive.

It is extremely bad, bad, bad, as well as dangerous.

I haven't been following the news in great detail but read all about Komodia's recent news articles. Komodia's cracking tools are used in Superfish and Lenovo was in trouble for pre-installing Superfish. They apparently do exactly the above of setting up a fake certificate authority on the local machine and proxying https through. And made multiple mistakes in the implementation making them a security disaster in multiple different ways. Very bad. There are many news articles on the debacle to read all about it.

Don't do it.

Bob