Internal website blocking using DNS server
I have an internal network DNS server running on Windows Server 2016.
Currently I have the DNS server set to redirect all requests to blocked websites to an internal Tomcat server which will display a custom message stating that the site is blocked.
This currently works, however, of course if the site is using HTTPS then all browsers have a hissy fit as they think that there is a MITM attack, as I am unable to authenticate myself as https://somesite.com.
From my understanding I can fix this with Active Directory and issue a root certificate to allow the internal server to spoof itself as any website.
I am new to Windows AD but have the basic AD server running with users set up, however, I am unsure how to progress to be able to issue a root certificate to users to allow displaying of blocked pages.
Any help or pointing in the right direction would be greatly appreciated.
dns active-directory https tomcat trusted-root-certificates
asked Jan 17 at 16:49
jordan t
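Added example, not part of the original question: a sketch of the two checks a TLS client applies to the certificate the block server presents, showing why a DNS-redirected HTTPS request is rejected and that trusting the issuer alone does not remove the name mismatch. The hostname `blockpage.corp.example`, the function names and the wildcard rule (at least two labels after `*`) are assumptions made for illustration.

```python
# Added illustration; hostnames and certificate contents are constructed.

def san_matches(hostname: str, san: str) -> bool:
    """DNS-ID match in the style of RFC 6125: labels compared
    case-insensitively, '*' allowed only as the whole leftmost label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = san.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False          # a wildcard never spans more than one label
    if pat[0] == "*":
        # Assumption: require two labels after '*', so "*.com" is refused.
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat


def browser_verdict(requested_host, cert_sans, issuer_trusted):
    """Return the reasons a client rejects the handshake (empty = accepted)."""
    reasons = []
    if not issuer_trusted:
        reasons.append("untrusted issuer")
    if not any(san_matches(requested_host, s) for s in cert_sans):
        reasons.append("name mismatch")
    return reasons


# Constructed scenario: DNS answers for somesite.com with the block server's
# address, and the block server presents its own certificate.
BLOCK_SERVER_SANS = ["blockpage.corp.example"]


def scenarios():
    return {
        "self-signed block cert":
            browser_verdict("somesite.com", BLOCK_SERVER_SANS, False),
        "block cert issued by a trusted internal CA":
            browser_verdict("somesite.com", BLOCK_SERVER_SANS, True),
        "leaf naming the requested host, trusted CA":
            browser_verdict("somesite.com", ["somesite.com"], True),
        "wildcard against a deeper subdomain":
            browser_verdict("a.b.somesite.com", ["*.somesite.com"], True),
    }


if __name__ == "__main__":
    for name, reasons in scenarios().items():
        print(f"{name}: {', '.join(reasons) or 'accepted'}")
```
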