What is Required to Filter HTTPS?

In order to be able to filter HTTPS we need to deploy a proxy that can decrypt HTTPS connections and re-encrypt them back after filtering. One of such proxies is Squid (http://www.squid-cache.org).

Usually Squid proxy can be found in default repositories of all modern Linux versions (Ubuntu, CentOS, Debian) as well as FreeBSD, pfSense and even Microsoft Windows (http://squid.diladele.com). Unfortunately sometimes we need to recompile Squid from source as it may not contain all compiler switches required for successful HTTPS filtering.

Our installation guides for different operating systems contain everything necessary (including automation scripts) for recompilation. There is also a link to preconfigured Virtual Appliance which already includes everything required for HTTPS filtering.