CommonName Usage in Certificate for URL Filtering

Hello Devs,

I heard that other firewalls use the commonName of the certificate itself for URL filtering of HTTPS traffic, which allows filtering without breaking the HTTPS encryption.
With the commonName (CN) in the certificate the website can be categorized.

Is this a possibility in IPFire too?
I never really got the URL filtering working, and I thought it's due to the encryption and/or allowing HTTPS traffic and/or no proxy usage, but this method seems to work with all of that off.

Thank you,
great product :slight_smile:
Florom

Hi there,
I wonder why this did not get any attention?
Christmas or too common topic?
At least this I want to know.

Thanks.

You need to use the proxy in non-transparent mode. Then it will filter HTTPS traffic.

The devs generally don’t have time to look at every post in the forum, and once a couple of days have passed the post has gone past.

If you are looking to address the devs then you are better off going to the dev mailing list.

https://www.ipfire.org/docs/devel/contact

From my perspective, knowing how busy the devs are with both the IPFire work but also their day jobs to be able to pay the bills etc., a better approach would be for a user to submit a patch to the dev mailing list for the function desired.

https://www.ipfire.org/docs/devel/submit-patches

This doesn’t guarantee a patch will be accepted but it acts as the starting point for a dialogue with the devs to come up with a solution that fits within the IPFire framework.

If the expectation is that the small team of devs will do all the work from a suggestion then it might take some time as all of them are very busy with existing activities. So in that case be prepared to wait until the item works its way down the list.


Isn’t CN filtering pretty much the same as DNS filtering except you can have lots of different domains covered by a single CN? It would have the advantage that DoH and other DNS tunnelling wouldn’t affect the CN which appears over HTTP.
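
The comparison raised above, between filtering on the names in a certificate and filtering on the single requested hostname, as an added example that is not part of the original thread or of IPFire's code. The category list, the policy and every domain name are constructed, and the certificate's CN and SAN entries are assumed to be already extracted.

```python
# Added illustration: every domain, category and certificate name is constructed.
CATEGORY_DB = {"news-site.test": "news", "games-site.test": "games",
               "shared-cdn.test": "cdn"}   # hypothetical category list
BLOCKED = {"games"}                         # hypothetical policy

def categorize(name):
    """Longest-suffix match of one DNS or certificate name against the list."""
    name = name.lower().rstrip(".")
    if name.startswith("*."):               # wildcard certificate entry
        name = name[2:]
    labels = name.split(".")
    for i in range(len(labels)):
        category = CATEGORY_DB.get(".".join(labels[i:]))
        if category:
            return category
    return "uncategorized"

def verdict_by_hostname(host):
    """DNS-style filtering: one requested name, one category."""
    category = categorize(host)
    return ("block" if category in BLOCKED else "allow", {category})

def verdict_by_cert(cn, sans=()):
    """Certificate-style filtering: the CN and every SAN entry all count."""
    categories = {categorize(n) for n in (cn, *sans)}
    return ("block" if categories & BLOCKED else "allow", categories)

def compare(host, cn, sans=()):
    """Return both verdicts and whether the certificate view disagrees."""
    by_host, by_cert = verdict_by_hostname(host), verdict_by_cert(cn, sans)
    return {"hostname": by_host, "certificate": by_cert,
            "disagree": by_host[0] != by_cert[0]}

if __name__ == "__main__":
    # Dedicated certificate: both methods agree.
    print(compare("www.games-site.test", "www.games-site.test"))
    # Shared certificate: a news request is blocked because a games name is on it.
    print(compare("www.news-site.test", "edge.shared-cdn.test",
                  ["*.news-site.test", "*.games-site.test"]))
```

With a dedicated certificate the two methods give the same verdict; with a certificate shared across sites the certificate-based verdict covers every name on it, so it can block or allow more than the requested site.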

hi,

The transparent proxy does not filter HTTPS, you need to enable WPAD.