4

I've been assigned to research and spec replacing our old and decrepit HTTP content filtering system. There are several open source filtering packages available but I've not come across one that does SSL inspection.

The new system will scale to many branches of different sizes, from say 10 users to a few hundred, so purchasing an appliance for each branch isn't desirable.

When we're further along, we will do custom programming as we have a few unique needs in other aspects of filtering, so if the suggestion takes a bit of customization, it won't be a problem.

4 Answers

1

I've not used it, but take a look at http://www.delegate.org/delegate/mitm/ - this in conjunction with dansguardian may provide HTTPS filtering.

BrianEss
  • 411
1

Dug Song's dsniff package has a mitm tool that should be able to do this. The code, while old, is in C and available from his site and the license is attribution-only.

adric
  • 531
0

What do you mean by content filtering? If it's anything that inspects the traffic while it's in transit, you're going to run into SSL errors, since one of the things SSL is specifically for is to stop people from peering at your traffic while in transit.

Josh Budde
  • 2,368
0

short answer: Man in the middle ... that is the problem SSL was designed to solve.

longer answer: Some companies actually do accomplish this, but they force each browser and certificate store to trust their own certificate authority (CA), and the MITM can snoop on everything, quite dishonestly (albeit in accordance with your NDA).

Purfideas
  • 163
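
The trust relationship the answers describe, as an added example that is not part of any answer above and is not code from DeleGate, dsniff or DansGuardian: a certificate re-issued by an inspection CA validates only on clients that have that CA installed, and the issuer field is what an auditor checks to see that a connection is being inspected. It assumes the `openssl` CLI is installed; every CA name, host name and file name is constructed.

```shell
#!/bin/sh
# Added example; every name, host and file here is constructed.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a self-signed CA: $1 = file prefix, $2 = common name.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# Issue a certificate for host $1 signed by the inspection CA, as an
# inspecting proxy does for each site it re-encrypts.
issue_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\n' "$1" > "$WORK/san.cnf"
  openssl x509 -req -in "$WORK/leaf.csr" -days 1 -extfile "$WORK/san.cnf" \
    -CA "$WORK/inspect.pem" -CAkey "$WORK/inspect.key" -CAcreateserial \
    -out "$WORK/leaf.pem" 2>/dev/null
}

# Validate the leaf against one trust store ($1 = CA file prefix).
client_verdict() {
  if openssl verify -CAfile "$WORK/$1.pem" "$WORK/leaf.pem" >/dev/null 2>&1
  then echo trusted; else echo untrusted; fi
}

# Issuer of the presented certificate: the field to compare against the
# expected public CA when checking whether traffic is being inspected.
leaf_issuer() {
  openssl x509 -in "$WORK/leaf.pem" -noout -issuer -nameopt RFC2253
}

make_ca inspect "Example Corp Inspection CA"  # CA pushed to managed clients
make_ca other   "Some Unrelated Root CA"      # stands in for a stock trust store
issue_leaf www.example.test

echo "managed client:   $(client_verdict inspect)"
echo "unmanaged client: $(client_verdict other)"
echo "presented issuer: $(leaf_issuer)"
```

The unmanaged client's failure is the SSL error mentioned in the third answer; deploying the CA to every browser and certificate store is what removes it.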