Regarding SSL

Issues related to configuring your network
itdev
Posts: 18
Joined: 2015/09/04 10:02:35

Regarding SSL

Post by itdev » 2015/10/09 09:30:49

Hi everyone,
Good Day to All!

This is the scenario...

I have a LAN with a CentOS server.
Except for the server, all the others are running Windows 7. I want to block access to Facebook from those computers with Windows 7, and if someone enters "www.facebook.com" from those computers, they should be redirected to a page running on my CentOS server (the IP of the CentOS server is 192.168.0.199). What I did for that is, I added the following line to the hosts file (at C:\Windows\system32\drivers\etc\hosts) on all Windows 7 computers in the LAN.

192.168.0.199 www.facebook.com


Now, if I type http://www.facebook.com on those systems, I get the following message...

"This Connection is Untrusted

You have asked Firefox to connect securely to http://www.facebook.com, but we can't confirm that your connection is secure.

Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
What Should I Do?

If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.

http://www.facebook.com uses an invalid security certificate.

The certificate is not trusted because it is self-signed.
The certificate is only valid for mysite

(Error code: sec_error_unknown_issuer)"


I heard that it was an SSL issue, so I made a self-signed SSL certificate using OpenSSL. It's working fine when I enter https://mysite/ but I am not able to redirect to that page.

Could someone kindly suggest how to redirect such a URL to the mysite custom page on the LAN?

It's very urgent. Please, someone help me.

Thanks in advance.

MartinR
Posts: 714
Joined: 2015/05/11 07:53:27
Location: UK

Re: Regarding SSL

Post by MartinR » 2015/10/09 09:49:07

Do be aware that redirecting in this way will not stop anyone using an IP address directly.

TrevorH
Site Admin
Posts: 33219
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Regarding SSL

Post by TrevorH » 2015/10/09 11:06:54

What you're trying to do has no easy solution. If you create a man-in-the-middle SSL connection like this and use your own self-signed cert to spoof the end site, then you'd need to trust the issuer of your cert on the client, and then all SSL connections will be trusted, even those that shouldn't be. You're going to break SSL completely and make it useless.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
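
The checks behind the Firefox error quoted in the first post (unknown issuer, certificate valid only for mysite, HSTS preventing an exception), modelled as an added example that is not code from any poster in this thread. The `Cert` class, the `evaluate` function, the trust-store name and the HSTS set are assumptions made for illustration; a real browser also validates the full certificate chain.

```python
# Added illustration with constructed data; not code from the thread.
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    names: tuple   # DNS names the certificate is valid for
    issuer: str    # equals subject for a self-signed certificate
    subject: str

def name_matches(pattern: str, host: str) -> bool:
    """Exact match, or one left-most '*' label (RFC 6125 style)."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def evaluate(cert, host, trusted_issuers, hsts_hosts):
    """Return (verdict, errors) for an HTTPS connection to `host`."""
    errors = []
    if cert.issuer not in trusted_issuers:
        errors.append("unknown_issuer")
    if not any(name_matches(n, host) for n in cert.names):
        errors.append("name_mismatch")
    if not errors:
        return "ok", errors
    # With HSTS in force the browser offers no "add exception" option.
    verdict = "blocked" if host in hsts_hosts else "warning_overridable"
    return verdict, errors

# Constructed inputs mirroring the thread.
SELF_SIGNED = Cert(names=("mysite",), issuer="mysite", subject="mysite")
TRUSTED = frozenset({"Example Public CA"})   # hypothetical trust store
HSTS = frozenset({"www.facebook.com"})       # name the browser holds an HSTS policy for

if __name__ == "__main__":
    for host, store in [("www.facebook.com", TRUSTED),
                        ("mysite", TRUSTED),
                        ("www.facebook.com", TRUSTED | {"mysite"})]:
        print(host, sorted(store), evaluate(SELF_SIGNED, host, store, HSTS))
```

The third case shows that the name check still fails for www.facebook.com even when the client trusts the mysite certificate, because that certificate is only valid for mysite.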

itdev
Posts: 18
Joined: 2015/09/04 10:02:35

Re: Regarding SSL

Post by itdev » 2015/10/09 13:18:45

OK, thank you for your time and information.