Check HTTP and HTTPS are Transparently Filtered

In order for HTTPS filtering to function correctly we must install the proxy certificate from /opt/websafety/etc/myca.der into Trusted Root Certification Authority on all workstations in our network. Please see the Install Trusted Certificates for instructions how to do it. The self signed root certificate to be installed is available from the login page of Web Safety.

../../_images/root_ca1.png

The following screenshots show that normal HTTP requests were filtered transparently.

../../_images/http_filtered3.png

The following screenshots show that HTTPS request was decrypted:

../../_images/decrypted.png

and after installing certificate as trusted in Root Certification authority there is no explicit proxy set:

../../_images/google1.png

and google site was SSL bumped (the root certificate is from diladele.com and not from Global Trust as usual):

../../_images/google2.png

And finally browsing to Google and searching for an adult term (e.g. NSFW) we get the HTTPS request filtered and blocked transparently.

../../_images/https_filtered3.png

Resume

We now have the default gateway in our network capable of transparently filtering HTTP and HTTPS traffic. All workstations in our network trust the root certificate from proxy and thus get their HTTPS request decrypted and filtered. Browsing environment in our network became much safer.

Just in case here is the archive with all scripts mentioned in this article

Some more ideas to implement