Hi

and thanks for the feedback. I have Splice running OK however want I really 
want to do is to allow the splice when a user opens a link that navigates to 
https://www.youtube.com/embed/blahblah but not allow the user just to go 
directly to https://www.youtube.com and access the full site.

I can append a key to the https://www.youtube.com/embed/blahblah url that squid 
could use in the ACL but I am unsure if the query would be visible at that 
point to allow the Splice to be allowed only if this key is present.

I have looked at Dansguardian and other solutions but just a controlled splice 
is the sexy option..

thanks again





Sent from Mailbird 
[http://www.getmailbird.com/?utm_source=Mailbird&utm_medium=email&utm_campaign=sent-from-mailbird]
On 24/02/2016 7:05:19 AM, Amos Jeffries <squ...@treenet.co.nz> wrote:
On 24/02/2016 11:19 a.m., Darren wrote:
>
> Hi
>
> As Google owns the entire food chain (when you use Chrome talking to Youtube) 
> SSL_Bump upsets everything and the browser blocks access detecting the MITM 
> bump.
>
> I am looking at school level protection so I want to avoid installing certs 
> on the clients and create a seamless experience.
>
> I am playing with the restrict.youtube.com feature at the moment, at least 
> this should limit the IP addresses I see in the CONNECT sessions.
>

FWIW: the SSL-Bump splice functionality (without 'bump') does not
require certificate installation on the clients, but still gives the
control benefits of intercepting port 443 and SNI server name ACLs. It
also works seamlessly with the current fad of certificate pinning in
browsers.

Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Reply via email to