We are struggling with our users visiting infected or "attack" sites and phishing in general. Most of our machines are protected by an enterprise antivirus and monitoring solution (McAfee ePO) and we try to get people to use Firefox... But no AV is perfect and we have to endure personal machines as well (albeit on their own 'Plague' VLANs) and would like to do something about phishing as our users seem intent on disclosing their passwords to the world...
To complicate matters, we don't want to implement a block for many, many reasons (political, ideological, legal, etc.); instead we would like to implement something akin to Firefox's "Reported Scam/Phish/Attack Site" - "Get me out of here" or crucially "Let me in anyway", giving the user a choice to still infect themselves if they feel like it (or look at a site incorrectly blacklisted).
The reason we can't just use Firefox is we have a core enterprise app only certified on IE6&7 - thank you Oracle.
Is it possible to implement this type of advisory filtering either using a proxy (in our case Squid) or DNS?
"What free options are available for web content filtering?" and "Open Source Filtering of HTTPS Traffic" were a good start, but they don't address the advisory aspect of the filtering.
No, advisory filtering is not possible using DNS, at least not on its own.
This is because by the time the DNS has been looked up and directed the user to your diversion page it's too late to allow the user to go to the original IP address.
If a solution is to be had, it would need to rely on Squid knowing (on a per URL basis) whether the user has "opted out" and then serving the right page.
Some commercial web filters will let you do this - it is often referred to as "coach" or "soft block". One such filter is SmoothWall (Bias note: they are my employer!)
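The opt-out check that the Squid-based answer describes, sketched as the decision logic of a Squid external ACL helper. This is an added example, not code from any of the posts or from Squid itself. The blacklist entries, the one-hour opt-out lifetime and all function and class names are assumptions, and opt-outs are keyed per client IP and host rather than per full URL, since the host is all a proxy sees for an HTTPS CONNECT request.

```python
#!/usr/bin/env python3
"""Advisory ("soft block") decision logic for a Squid external ACL helper.

Assumed wiring: Squid passes "%SRC %DST" per request on stdin; the helper
answers OK when the ACL matches (send the user to the warning page) and ERR
when the request should pass through untouched.
"""
import sys
import time

OPT_OUT_TTL = 3600  # assumed: a "Let me in anyway" choice lasts one hour
# Constructed sample entries; a real deployment would load a phishing feed.
BLACKLIST = {"phish.example", "malware.example"}


def is_listed(host, blacklist=BLACKLIST):
    """True if the host or any of its parent domains is blacklisted."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blacklist for i in range(len(labels)))


class OptOuts:
    """Remembers which client accepted the warning for which host.
    Kept in memory here; the warning page would need to write to a store
    shared with the helper. Clients behind one NAT address share opt-outs."""

    def __init__(self, ttl=OPT_OUT_TTL):
        self.ttl = ttl
        self._expiry = {}  # (client_ip, host) -> time the opt-out lapses

    def grant(self, client_ip, host, now=None):
        now = time.time() if now is None else now
        self._expiry[(client_ip, host.lower())] = now + self.ttl

    def active(self, client_ip, host, now=None):
        now = time.time() if now is None else now
        return self._expiry.get((client_ip, host.lower()), 0) > now


def decide(client_ip, host, optouts, now=None):
    """OK = show the warning page, ERR = let the request through."""
    if is_listed(host) and not optouts.active(client_ip, host, now):
        return "OK"
    return "ERR"


if __name__ == "__main__":
    store = OptOuts()
    for line in sys.stdin:
        fields = line.split()
        # Malformed input fails open, matching the advisory (non-blocking) goal.
        print(decide(fields[0], fields[1], store) if len(fields) >= 2 else "ERR",
              flush=True)
```

In Squid this would sit behind an `external_acl_type` definition, with `deny_info` on the matching ACL pointing at the warning page that records the "Let me in anyway" click.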