jeroennijhof / openufp

Open URL Filtering Proxy is a URL Filtering Server for N2H2 or Websense compatible devices.
GNU General Public License v3.0

Added support for squidguard username handling when URL requests are submitted via Websense v4 from Cisco ASA using user-identity (Identity Firewall) #1

Closed liveaverage closed 10 years ago

liveaverage commented 11 years ago

Currently it only supports the squidguard backend as I needed this to work with sg ldapusersearch lookups (it already works fine with ldapipsearch lookups). Should be easy to extend to proxy checks if desired; I might try to do this if I need to use a proxy backend, but I don't think I can beat the performance of using straight squidguard.

jeroennijhof commented 10 years ago

OMG I don't know how this happened but I noticed this request just now... Why did you add https support? Cisco is not supporting https with urlserver.

liveaverage commented 10 years ago

Hi,

The Cisco ASA 5520 supports https filtering, but because it's https it only sends the IP address... Blocking by IP (using squidguard) works great, but I've debated the addition of SSL certificate subject name checks using python (to C).

I've also added the ability to use squidguard redirect URLs (vs a static URL):

https://github.com/liveaverage/openufp

Thanks for a great project! Works fantastic!

JR

On Tue, Dec 17, 2013 at 4:36 AM, jeroennijhof notifications@github.com wrote:

> OMG I don't know how this happened but I noticed this request just now... Why did you add https support? Cisco is not supporting https with urlserver.
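
The certificate subject name check mentioned in the comment above could look like the following sketch, an added example that is not code from openufp or from either participant. The blocklist, function names and sample certificate are constructed for illustration; a real backend would pass each name to squidguard instead.

```python
import socket
import ssl

# Constructed blocklist for illustration; a real deployment would query squidguard.
BLOCKED_DOMAINS = {"blocked.example", "ads.example.net"}


def cert_names(cert):
    """Return lower-cased DNS names from a dict shaped like SSLSocket.getpeercert()."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:  # fall back to the subject commonName only when no DNS SAN exists
        for rdn in cert.get("subject", ()):
            names += [v for k, v in rdn if k == "commonName"]
    return [n.lower().rstrip(".") for n in names]


def is_blocked(name, blocked=BLOCKED_DOMAINS):
    """True if name, or any parent domain of it, is on the blocklist."""
    if name.startswith("*."):  # a wildcard name covers hosts under its base domain
        name = name[2:]
    labels = name.split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def verdict_for_cert(cert, blocked=BLOCKED_DOMAINS):
    """Return ("block", name) for the first blocked name, else ("allow", None)."""
    for name in cert_names(cert):
        if is_blocked(name, blocked):
            return ("block", name)
    return ("allow", None)


def fetch_cert(ip, port=443, timeout=3.0):
    """Fetch the certificate a server presents when addressed by IP only (no SNI)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # only the IP is known; the chain is still verified
    with socket.create_connection((ip, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock) as tls:
            return tls.getpeercert()


# Constructed sample in the getpeercert() dict format, so the check runs offline.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.blocked.example"),),),
    "subjectAltName": (("DNS", "www.blocked.example"), ("DNS", "cdn.other.example")),
}

if __name__ == "__main__":
    print(verdict_for_cert(SAMPLE_CERT))
```

Because the filter only has the IP, `fetch_cert` connects without SNI and receives the server's default certificate, which on shared hosting or a CDN may not belong to the site the client actually requested.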


jeroennijhof commented 10 years ago

@liveaverage I cleaned up the code after the merge and added the username support as default in the squidguard function so you don't need to specify it. It will look for the user data itself. Could you test the latest code from git and check whether it still works for you?

And another question: is it possible for you to capture the websense request including the username? Because I'd like to put a usr variable in the websns_req struct as correctly as possible.