Is it possible to do default deny web filtering with a RB750G? We want have a list of url’s (less than 100) that clients behind the router can access. All other access to the web should be blocked.
Thanks, that’s what I was looking for.
I realized a proxy solution will not work for HTTPS since it constitutes a MITM attack. Is there any way to filter HTTPS by URL’s?
No, since the host and path requested are only inside the SSL wrapper.
What about using SNI feature of SSL and TLS to find the hostname?
http://en.wikipedia.org/wiki/Server_Name_Indication
Untangle does this using SNI to find the hostname:
http://wiki.untangle.com/index.php?title=8.0_Changelog&direction=prev&oldid=12879
Now uses SNI to filter HTTPS traffic by hostname
Also, DansGuardian does this. Not sure how.
http://dansguardian.org/?page=introduction
The URL filtering is able to filter https requests.