I have used Transparent Web Proxy to redirect user traffic, allowing access to some websites and blocking the remaining internet, but it only works for HTTP traffic. Can someone please guide me on how I can allow and block HTTPS-based websites, such as banking sites, for the users?
I think hotspot might work for this.
You can set up the hotspot and only authenticated users can go out to the internet at large, but then you add the websites you want allowed for everyone in the walled garden. I did this for a church and it seems to work well.
The only way to use the proxy to filter out HTTPS websites is to have each client configure the proxy settings for their computers; then you can have the necessary accept and deny rules. The reason for this is that you cannot intercept HTTPS traffic transparently; the computer will detect this and throw a warning up, as it should, since you are in essence doing a man-in-the-middle attack.
There are a couple of other options open to you, neither is perfect.
1.) Force the end users to use your DNS servers and configure the DNS server in such a way that it will only return valid IP addresses for domains that you want, and an invalid IP for domains you don’t want. This can be bypassed, however, by the end user putting the IP address directly into their browser, or them editing their hosts file.
2.) Figure out the IP address of the server(s) you want to allow, and deny everything else.
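
The two options in the reply above, modelled side by side as an added example that is not part of the original thread: the DNS filter answers only for allowed names, and the IP allowlist built from those same names is what stops a client that skips DNS and connects to an address directly. All domains, addresses and the `UPSTREAM` table are constructed placeholders standing in for real DNS answers; the function names are hypothetical.

```python
import ipaddress

# Constructed sample data (reserved example domains and documentation IP ranges).
ALLOWED_DOMAINS = {"bank.example", "portal.example.org"}
SINKHOLE = "0.0.0.0"  # the "invalid IP" returned for blocked names
UPSTREAM = {  # stand-in for what a real upstream resolver would return
    "bank.example": ["192.0.2.10", "192.0.2.11"],
    "www.bank.example": ["192.0.2.10"],
    "portal.example.org": ["198.51.100.7"],
    "video.example.net": ["203.0.113.50"],
}


def is_allowed_name(qname):
    """True if qname is an allowed domain or a subdomain of one."""
    name = qname.rstrip(".").lower()
    # Match on a label boundary so "notbank.example" does not pass as "bank.example".
    return any(name == d or name.endswith("." + d) for d in ALLOWED_DOMAINS)


def dns_answer(qname):
    """Option 1: real addresses for allowed names, the sinkhole for everything else."""
    name = qname.rstrip(".").lower()
    if is_allowed_name(name):
        return UPSTREAM.get(name, [])
    return [SINKHOLE]


def build_ip_allowlist():
    """Option 2: every address that the allowed names currently resolve to."""
    return {
        ipaddress.ip_address(ip)
        for name, ips in UPSTREAM.items()
        if is_allowed_name(name)
        for ip in ips
    }


def firewall_permits(dst_ip, allowlist):
    """Default deny: a destination passes only if it is on the allowlist."""
    return ipaddress.ip_address(dst_ip) in allowlist


if __name__ == "__main__":
    allow = build_ip_allowlist()
    print(dns_answer("video.example.net"))           # blocked name is sinkholed
    print(firewall_permits("203.0.113.50", allow))   # direct-IP bypass of DNS is denied
    print(firewall_permits("192.0.2.11", allow))     # allowed site still reachable
```

Addresses behind shared hosting or a CDN change over time, so an allowlist built this way has to be refreshed from current DNS answers.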