Block some users with Bind9
emilianovazquez at gmail.com
Wed Jul 25 23:22:33 UTC 2012
> Block udp dst port 53 is good, but you must take into account that maybe
> some of your services\servers need this access for whatever reason
> there is.
> If you are using squid in transparent mode it's good enough for basic
> HTTP blocking.
> To block HTTPS you will need to force your users to use the proxy server
> using some WPAD + DHCP \ Group policy.
> Either of them can lead to some problems, so you can test it first and
> see if it's for you.
> There is an option of SSL-BUMP in squid that can take a lot off, but you
> must install the local root-ca on all the clients' computers.
I read some articles about this but never gave it a try yet.
> I suggest that you first implement the basic allow\deny acls in squid
> for the intercepted traffic and later see what the effect is.
At the moment, if I send 443tcp traffic to squid I get an "unknow
request" in access.log.
Thanks for your time Eliezer
Emiliano Vazquez | PcCentro Informatica & CCTV
Office: +54 (11) 4951-0203 Interno 4
Mail: emilianovazquez at gmail.com