How to Filter HTTPS with Squid and Diladele Web Safety

By default, the installation package of Diladele Web Safety (ddws) has HTTPS filtering disabled, because decrypting HTTPS is a very controversial topic and not every installation needs it out of the box. But if you are the sole owner of your network (a home network, for example), enabling HTTPS filtering brings huge benefits: you see all your (and, more importantly, your kids') searches on Google and can monitor and block sites with questionable content in the search results. Facebook and YouTube also start to look better once ddws applies the filtering snippets provided by AdBlock.

This short post will tell you how to enable HTTPS filtering with Diladele Web Safety and Squid installed on your proxy server:

  1. Log in to the Web Administrator Console of DDWS by typing http://your_proxy_address in the web browser. Use the predefined credentials root and P@ssw0rd.

  2. Select Settings, HTTPS Filtering, Filtering Mode and tick the Filter All Connections by Default checkbox. Press the blue Save Settings button.

  3. Click the Exclusions tab and then Add New to add domains that should never be decrypted, for example a bank such as .abnamro.nl (note the leading “.” dot: it applies the exclusion to all subdomains of abnamro.nl).

  4. Install the predefined certificate on your device by clicking the Install Certificate button and selecting the type of device. This step is crucial to get rid of browser warnings about decrypted HTTPS connections. It is also strongly recommended to regenerate and replace this certificate manually (see another howto).

  5. Click the Apply and Reload ICAP server button in the top right corner and then Save and Restart.

  6. While Diladele Web Safety is restarting, log in to your proxy using SSH or the console and restart Squid by typing “service squid3 restart”. Restarting Squid from the Web Console of Diladele Web Safety is not implemented yet and will be included in version 3.1.

After you restart your browser, all HTTPS connections will be decrypted and all searches on Google will be correctly filtered by Diladele Web Safety.
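
A check you can run from a client after step 6, added here as an example (it is not part of the original post or of Diladele's tooling): it requests a site's certificate through the proxy and reports whether it was issued by the proxy's CA (decrypted) or by the site's own CA (excluded in step 3). The proxy port 3128, the PROXY_CA_CN value, an explicitly configured (non-transparent) proxy and the function names are assumptions; set them to match your installation.

```shell
#!/bin/sh
# Added example: confirm which hosts the proxy decrypts after steps 1-6.
# Assumptions: explicit proxy on port 3128, OpenSSL 1.1.0+ (for -proxy),
# and PROXY_CA_CN set to the common name of the certificate from step 4.
PROXY="${PROXY:-your_proxy_address:3128}"
PROXY_CA_CN="${PROXY_CA_CN:-REPLACE_WITH_PROXY_CA_COMMON_NAME}"

# issuer_via_proxy HOST
# Print the issuer line of the certificate received for HOST when the
# TLS connection is tunnelled through the proxy with CONNECT.
issuer_via_proxy() {
    openssl s_client -proxy "$PROXY" -connect "$1:443" -servername "$1" \
        </dev/null 2>/dev/null | openssl x509 -noout -issuer 2>/dev/null
}

# classify_issuer ISSUER_LINE
# "decrypted"   : the certificate was issued by the proxy CA
# "passthrough" : the certificate came from some other CA (site not decrypted)
# "error"       : no certificate was received at all
classify_issuer() {
    case "$1" in
        "")                echo "error" ;;
        *"$PROXY_CA_CN"*)  echo "decrypted" ;;
        *)                 echo "passthrough" ;;
    esac
}

# check_host HOST EXPECTED
# Compare what the proxy actually does for HOST with what you expect.
check_host() {
    actual=$(classify_issuer "$(issuer_via_proxy "$1")")
    if [ "$actual" = "$2" ]; then
        echo "OK   $1: $actual"
    else
        echo "FAIL $1: expected $2, got $actual"
        return 1
    fi
}

# Typical use, with the hosts named in this post:
#   check_host www.google.com decrypted
#   check_host www.abnamro.nl passthrough
```

A FAIL on an excluded host means its traffic is still being decrypted, so recheck the entry on the Exclusions tab and repeat steps 5 and 6.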

About sichent

sichent

2 Responses to How to Filter HTTPS with Squid and Diladele Web Safety

  1. jeff donovan says:

    Question on HTTPS setup: if I already have squid running with a self-signed cert, do I need to click the orange { Install SSL Certificates } ?
    or
    does qlproxy read the squid.conf for the location of the cert?

    I'm using
    ubuntu 14
    Diladele Web Safety for Squid Proxy, version 3.1.0.2992, © Diladele B.V. 2013.
    squid3

    • sichent says:

      Hello Jeff, qlproxy does not read settings from Squid yet, so no, you do *not* need to install qlproxy’s default certificates, just continue to use yours. The Web UI of qlproxy just sends the certificates from /etc/opt/quintolabs/qlproxy/*.cer when the yellow button is clicked, it does not do anything else. This is for the admin’s convenience.
