I'm trying to compare these 2 solutions when it comes to content blocking:
1 – A pfSense appliance with Squid and SquidGuard packages configured
2 – A WatchGuard FW that uses Websense
So, in order to block something like https://www.facebook.com, using SquidGuard apparently I have to perform a MITM attack, or give up on the option of using the Transparent Proxy mode, but the WatchGuard manages to block the very same page without losing the Transparent Proxy option. Can someone help me understand how that works, please?
Best Answer
The WatchGuard has HTTPS full-content inspection in the same way by installing an SSL certificate and doing a Man-In-The-Middle (MITM) attack on all the traffic, but it can block domain names without resorting to that by looking at the Server Name Indicator field sent out by the browser so the server can identify which SSL certificate to answer with, and by looking at the SSL certificate returned from the server to see which domain names it's signed for.