The easiest route here, in my opinion, aside from DNS services that claim to block adult content, would be to use a Squid SSL Bump proxy. It's along the lines of what you are suggesting and requires installing a self-signed CA cert on the client, but gives you centralized management of what domains, URLs, file types, times of day, and URL patterns are allowed/permitted, as well as a memory and disk cache to reduce bandwidth. This [1] is a really old example based on Squid 3.x, but this concept has improved a lot in Squid 6.x. Sites that still do public key pinning (there are a handful) will have to be added to Squid's SSL Bump exclusion. Ignore the term SSL; it's TLS, but they kept the term the same.
[1] - https://wiki.squid-cache.org/Features/SslBump
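
Added example, not part of the comment above and not taken from the Squid wiki: a squid.conf sketch of the setup it describes, with a splice list for pinned sites. All paths, file names, the port, the client subnet and the hours are assumptions; the helper path in particular varies by distribution.

```conf
# Constructed example for Squid 4 or later. Adjust every path and value.

# Proxy port that bumps CONNECT tunnels and mints per-host certificates
# signed by the local CA (the same CA cert that is installed on clients).
# bump-ca.pem is assumed to hold both the CA certificate and its key.
http_port 3128 ssl-bump tls-cert=/etc/squid/bump-ca.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

# Helper that generates and stores the forged leaf certificates.
sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/spool/squid/ssl_db -M 4MB

# --- SSL Bump policy -------------------------------------------------
acl step1 at_step SslBump1
# One domain per line; sites that pin their keys go here so they are
# tunnelled untouched instead of failing the handshake.
acl no_bump ssl::server_name "/etc/squid/no_bump_domains.txt"

ssl_bump peek step1        # read the TLS ClientHello (SNI) first
ssl_bump splice no_bump    # pass pinned sites through without decrypting
ssl_bump bump all          # decrypt and inspect everything else

# --- Access policy ---------------------------------------------------
acl localnet src 192.168.0.0/16
acl blocked_domains dstdomain "/etc/squid/blocked_domains.txt"
# url_regex needs the full URL, so it only works on bumped traffic.
# Spliced sites can be filtered by domain only.
acl blocked_urls url_regex -i "/etc/squid/blocked_url_patterns.txt"
acl allowed_hours time 07:00-21:00

http_access deny blocked_domains
http_access deny blocked_urls
http_access deny !allowed_hours
http_access allow localnet
http_access deny all

# --- Cache -----------------------------------------------------------
cache_mem 256 MB
cache_dir ufs /var/spool/squid/cache 1024 16 256
```

The CA private key in `bump-ca.pem` can sign a certificate for any site the clients visit, so keep it readable only by the Squid user and never reuse it outside this proxy.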