By default installation package of Diladele Web Safety (ddws) has HTTPS filtering disabled as performing decryption of HTTPS is a very controversial topic and hence not every installation needs it out of the box. But if you are the sole owner of your network (as in home network for example) having HTTPS filtering enabled brings huge benefits – you see all your (and what is more important your kids) searches on Google and are able to monitor and block sites with questionable contents from the search results. Facebook or YouTube sites start to look better with AdBlock provided filtering snippets applied by ddws.
This short post will tell you how to enable HTTPS filtering with Diladele Web Safety and Squid installed on your proxy server:
- Login to Web Administrator Console of DDWS by typing http://your_proxy_address in the web browser. Use the predefined credentials root and P@ssw0rd.
- Select Settings, HTTPS Filtering, Filtering Mode and set checkbox Filter All Connections by Default. Press blue Save Settings button.
- Click the Exclusions tab and then Add New to add some domains which should never be decrypted, like for example a bank .abnamro.nl (note the leading “.” dot – it will apply the exclusion on all subdomains of abnamro.nl).
- Install predefined certificate on your device by clicking the Install Certificate button and selecting the type of device. This step is crucial to get rid of warnings about decrypted HTTPS connections in the browsers. It is also strongly recommended to regenerate and replace this certificate manually (see another howto).
- Click Apply and Reload ICAP server button in the top right corner and then Save and Restart.
- While Diladele Web Safety is restarted, log into your proxy using SSL or console and restart Squid by typing “
service squid3 restart“. The restart of Squid from Web Console from Diladele Web Safety is not implemented yet and will be included into version 3.1.
After restart of your browser all HTTPS connections will be decrypted and all searches on Google will be correctly filtered by Diladele Web Safety.