alt Hacker NewsIn practice, this is basically impossible to implement. As a user behind a firewall you normally expect to be able to open connections with any remote host.
In practice, this is basically impossible to implement. As a user behind a firewall you normally expect to be able to open connections with any remote host.
Not impossible at all with a policy-filtering HTTPS proxy. See https://laurikari.github.io/exfilguard/
In this model, hosts don’t need any direct internet connectivity or access to public DNS. All outbound traffic is forced through the proxy, giving you full control over where each host is allowed to connect.
It’s not painless: you must maintain a whitelist of allowed URLs and HTTP methods, distribute a trusted CA certificate, and ensure all software is configured to use the proxy.