Block HTTPS traffic to only selected sites

Praveen asked:

The Squid at my office is currently set up as a transparent proxy. I tried to block sites like facebook.com and twitter.com and was successful because just typing in those domains does not default to the https site. However, if a user were to manually enter in https://www.facebook.com, they would bypass my filter.

I have read some suggestions on the net that say to block all SSL (443) traffic but that would block Gmail (which does default to https) which is not my intention. Looking for ways around this. Thanks.

My answer:


Set up SSL Bump and dynamic SSL certificates, and be sure to add your new CA to your users’ web browsers.


View the full question and answer on Server Fault.
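
A squid.conf sketch of the setup the answer describes, added here as an example and not part of the original answer. It assumes Squid 4 or later built with OpenSSL; the port, file paths, CA file names and ACL names are placeholders, and it bumps only the blocked domains while splicing everything else.

```conf
# Added example. Assumptions: Squid 4+ with OpenSSL support; port 3129, all
# paths and the ACL names below are placeholders, not values from the page.

# Listener for port-443 traffic redirected by the firewall (transparent mode).
# The CA certificate and key given here sign the per-host certificates that
# Squid generates on the fly.
https_port 3129 intercept ssl-bump tls-cert=/etc/squid/ssl/proxy-ca.crt tls-key=/etc/squid/ssl/proxy-ca.key generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

# Helper that mints and caches the dynamic certificates. The helper path
# differs between distributions. Initialise the database once with:
#   security_file_certgen -c -s /var/lib/squid/ssl_db -M 4MB
sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/squid/ssl_db -M 4MB
sslcrtd_children 5

# Step 1 of the TLS handshake: the client hello, which carries the SNI name.
acl step1 at_step SslBump1

# The sites from the question, matched on the SNI name and, once the
# connection is decrypted, on the request's destination domain.
acl blocked_sni ssl::server_name .facebook.com .twitter.com
acl blocked_dst dstdomain .facebook.com .twitter.com

# Read the SNI first, decrypt only the blocked sites, and pass every other
# connection (Gmail included) through untouched.
ssl_bump peek step1
ssl_bump bump blocked_sni
ssl_bump splice all

# Deny the decrypted requests. Place this above the http_access allow rules.
http_access deny blocked_dst
```

Because the blocked sites are bumped, the deny page is served under a certificate signed by the proxy CA, which is why that CA has to be trusted in the users' browsers. Spliced connections keep the origin server's own certificate.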

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.