I'm running Squid and SquidGuard on a Slackware64 14.0 server to filter Internet content for two local schools. The proxy works in "transparent" mode, e. g. all HTTP requests are redirected by an iptables rule to port 3128, to be handled by Squid. Thus, no one escapes the filtering proxy.
Unfortunately, Squid isn't well suited for handling HTTPS connections. And of course, the students have already figured out how to connect to https://www.facebook.com
I've done quite some googling, read a load of articles about the subject, but my conclusion is that no one seems to have found a really satisfying conclusion here.
One more detail: some users should be allowed to still use Facebook in the network. I've created different subnets for students and staff.
Ah yes... I wonder if it's still possible in theory to connect to Facebook in plain HTTP. I couldn't manage it, since I always get redirected to https://www.facebook.com
Any suggestions for this?