Blocking UDP dst port 53 is good, but you must take into account that maybe
some of your services\servers need this access for whatever reason
there is.
That's true.
If you are using squid in transparent mode, it's good enough for basic
HTTP blocking.
To block HTTPS you will need to force your users to use the proxy server
using some WPAD + DHCP \ Group Policy.
Either of them can lead to some problems, so you can test it first and
see if it's for you.
There is an option of SSL-BUMP in squid that can take a lot off, but you
must install the local root CA on all the clients' computers.
I read some articles about this but never gave it a try yet.
I suggest that you first implement the basic allow\deny ACLs in squid
for the intercepted traffic and later see what the effect is.
Regards,
Eliezer
At the moment, if I send 443/tcp traffic to squid I got an "unknow
request" in access.log.
Thanks for your time Eliezer
Best regards.
--
Emiliano Vazquez | PcCentro Informatica & CCTV
Office: +54 (11) 4951-0203 Interno 4
Movil: 011-15-6253-7165
Mail: emilianovazq...@gmail.com
Web: http://www.pccentro.com.ar