Re: [squid-users] Only permitting SSL traffic on CONNECT?

From: Jan Engelhardt <jengelh@dont-contact.us>
Date: Mon, 30 May 2005 12:41:12 +0200 (MEST)

>> yes. However, you would need filter that would detect the used protocol.
>> I'm afraid it's currently impossible to push such filter to squid w/o
>> patching and recompiling it.
>>
>> Also, I'm not 100% sure that it's easy to detect ssl negotiation and
>> refuse
>> connection if it's not used (note that TLS negotiation is in some cases
>> requested after initisl handshake)
>>
>> Last, when SSL is used, you even can't tell what protocol is inside of it.
>
> thanks, then I will look to lock at least some dynamic IP addresses in order to
> prevent abuse by my users. ;-)

Check out http://l7-filter.sf.net/ , it's got a "anything with SSL" regexp.

Jan Engelhardt

-- 
Received on Mon May 30 2005 - 04:41:26 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Jun 01 2005 - 12:00:04 MDT