apache or other reverse proxy.
2009/10/29 Matthew Young <myoung24...@gmail.com>:
> Hello,
>
> I am looking for a way to have an allowed list of SSL enabled sites
> that an end user can browse, but this is entirely done on a server level
> with _zero_ configuration on the PC.
>
> In a dream world, squid would be able to transparently proxy https and
> thus I would create an allowed list of SSL sites specific to each LAN
> user (based on private IP or MAC) that he/she can access. As we know
> this isn't the case because this breaks SSL.
>
> Does anybody know a way I can actually accomplish this?
>
> My Thoughts:
> I thought of a way to then take my list of SSL enabled sites
> (gmail.com for example) and resolve the domain to an IP and then add
> it in a firewall so that X user has
> access to port 443 for only those specific IPs. However the downside
> to this is that if gmail (or any other site I do this) changes the IP
> (which they will) the firewall rule which is static would need an
> update. Besides, gmail's https hostname resolves to the same IP of
> google.com A records so I would be fiddling with those at the same
> time and thus basically be allowing or disallowing the entire google
> domain when I truly really wanted just an access list of gmail.com.
>
> Would there be a way to make then some type of sniffer which would
> capture when users try to enter an https site and then somehow create a
> dynamic rule of some kind to let traffic out based on an allowed list?
>
> There must be a practical way, right guys?
>
> Thanks
>
> --Matt
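
The resolve-and-firewall idea from the quoted message, as an added example that is not part of the original thread: it builds per-client port 443 rules from DNS answers, reports hostnames that ride along on a shared IP (the gmail.com/google.com problem), and lists rules that go stale when an address changes. The function names, client addresses and DNS answers are assumptions constructed for illustration.

```python
import ipaddress

# Constructed DNS answers (documentation address ranges), standing in for live lookups.
SAMPLE_DNS = {
    "gmail.com": ["192.0.2.10", "192.0.2.11"],
    "google.com": ["192.0.2.10", "192.0.2.11"],
    "bank.example": ["198.51.100.7"],
}

def sample_resolve(host):
    """Hypothetical resolver: returns the constructed A records for host."""
    return SAMPLE_DNS[host]

def build_rules(allow, resolve, chain="FORWARD"):
    """allow: {client_ip: [hostname, ...]}; resolve: hostname -> IPv4 strings.
    Returns per-client ACCEPT rules for tcp/443 followed by a default DROP."""
    rules = []
    for client in sorted(allow, key=ipaddress.ip_address):
        dests = set()
        for host in allow[client]:
            dests.update(resolve(host))
        for dst in sorted(dests, key=ipaddress.ip_address):
            rules.append(f"iptables -A {chain} -s {client} -d {dst} "
                         "-p tcp --dport 443 -j ACCEPT")
    rules.append(f"iptables -A {chain} -p tcp --dport 443 -j DROP")
    return rules

def shared_ip_hosts(allowed_hosts, other_hosts, resolve):
    """Hostnames outside the allowlist that become reachable anyway because
    they resolve to an address an allowed hostname also uses."""
    allowed_ips = set()
    for host in allowed_hosts:
        allowed_ips.update(resolve(host))
    return sorted(h for h in other_hosts
                  if h not in allowed_hosts and allowed_ips & set(resolve(h)))

def stale_rules(old_rules, new_rules):
    """Rules from the previous run that the current DNS answers no longer justify."""
    return [r for r in old_rules if r not in new_rules]

if __name__ == "__main__":
    allow = {"10.0.0.5": ["gmail.com"], "10.0.0.6": ["bank.example"]}
    print("\n".join(build_rules(allow, sample_resolve)))
    print(shared_ip_hosts(["gmail.com"], ["google.com", "bank.example"], sample_resolve))
```

Re-running `build_rules` on a schedule and diffing with `stale_rules` shows how often the static rules drift from DNS.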