Re: [squid-users] Squid log details - HTTPS tunnel detection

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Wed, 23 May 2007 19:00:25 +0200

Wed 2007-05-23 at 17:46 +0100, Markus Moeller wrote:
> Is it possible to log the bytes in and out of a connection made with the
> CONNECT method? I am looking at identifying users misusing the SSL
> connection as a "remote access" solution and was wondering if byte in/byte
> out ratios could be used to identify the misuse without decrypting the
> session.

Squid only keeps a single total counter for CONNECT requests. To get
them split you need to extend the code to keep two counters.

> Are there other known ways besides IP-address/hostname blacklisting to
> identify HTTPS tunnels ?

Most aren't actually using SSL, so an IDS system looking for odd traffic
in CONNECT requests will trap many of them (but not all).
 
Regards
Henrik
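The two heuristics discussed in this thread, as an added example that is not part of the original message and not Squid code: a check on the first client bytes inside an established CONNECT tunnel (does it start with a TLS ClientHello, or is it plainly SSH, HTTP or something else?), and a client-to-server versus server-to-client byte ratio test over per-tunnel counters. Stock Squid of this era only logs one total for CONNECT, so the split counters, the record layout and all thresholds below are assumptions for the example; the tunnel records and payload prefixes are constructed sample data.

```python
"""Heuristics for spotting non-browsing use of CONNECT tunnels.

Constructed example, not Squid code. Assumes the proxy (or an IDS tap) can
expose (a) the first bytes the client sends into an established tunnel and
(b) separate client->server and server->client byte counters per tunnel;
stock Squid at the time of this thread kept only a single total counter.
"""
from dataclasses import dataclass

TLS_HANDSHAKE = 0x16      # TLS record content type "handshake"
TLS_CLIENT_HELLO = 0x01   # handshake message type "client_hello"


def classify_tunnel_payload(first_bytes: bytes) -> str:
    """Label the first client bytes seen inside a CONNECT tunnel.

    Returns 'tls' when they look like a TLS record carrying a ClientHello,
    'sslv2' for the legacy SSLv2-compatible ClientHello shape, and otherwise
    a coarse guess ('ssh', 'http', 'unknown') so an operator can see what the
    tunnel really carries. A TLS-looking start does not prove HTTPS (anything
    can be wrapped in TLS), which is why this catches many tunnels, not all.
    """
    if len(first_bytes) >= 6:
        rec_type, ver_major, ver_minor = first_bytes[0], first_bytes[1], first_bytes[2]
        rec_len = int.from_bytes(first_bytes[3:5], "big")
        hs_type = first_bytes[5]
        # TLS 1.0 to 1.3 ClientHellos go out with record version 0x0301..0x0303.
        if (rec_type == TLS_HANDSHAKE and ver_major == 0x03 and ver_minor <= 0x03
                and hs_type == TLS_CLIENT_HELLO and rec_len >= 4):
            return "tls"
    if len(first_bytes) >= 3 and first_bytes[0] & 0x80 and first_bytes[2] == 0x01:
        # SSLv2 record: 2-byte length with the high bit set, then msg type 1.
        return "sslv2"
    if first_bytes.startswith(b"SSH-"):
        return "ssh"
    if first_bytes.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT", b"OPTIONS"):
        return "http"
    return "unknown"


@dataclass
class TunnelRecord:
    """One finished CONNECT tunnel with split counters (assumed log layout)."""
    client: str
    host: str
    bytes_from_client: int   # client -> origin server
    bytes_to_client: int     # origin server -> client
    seconds: int


def tunnel_ratio_flags(records, min_bytes=4096, ratio_threshold=0.5):
    """Flag tunnels whose upstream/downstream byte ratio does not look like
    page browsing. Thresholds are assumptions for this example, not measured
    values: HTTPS browsing pulls far more than it pushes, while SSH, VPN or
    reverse-shell traffic tends to be closer to balanced or upload-heavy.
    Returns (client, host, ratio) tuples for the tunnels worth a closer look."""
    flagged = []
    for r in records:
        if r.bytes_from_client + r.bytes_to_client < min_bytes:
            continue  # too little traffic to judge either way
        ratio = r.bytes_from_client / max(r.bytes_to_client, 1)
        if ratio >= ratio_threshold:
            flagged.append((r.client, r.host, round(ratio, 2)))
    return flagged


# Constructed sample data (not real captures).
SAMPLE_PAYLOADS = {
    "tls": b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + b"\x00" * 10,
    "sslv2": b"\x80\x2e\x01\x00\x02\x00\x15",
    "ssh": b"SSH-2.0-OpenSSH_8.9\r\n",
    "http": b"GET / HTTP/1.1\r\nHost: intranet\r\n",
    "binary": b"\x00\x00\x00\x2c\x00\x00",
}
SAMPLE_TUNNELS = [
    TunnelRecord("10.0.0.5", "www.example.com:443", 3_200, 180_000, 12),      # browsing-like
    TunnelRecord("10.0.0.9", "203.0.113.7:443", 48_000, 51_000, 3600),       # balanced, long-lived
    TunnelRecord("10.0.0.9", "203.0.113.7:443", 900_000, 40_000, 600),       # upload-heavy
    TunnelRecord("10.0.0.11", "mail.example.net:443", 1_000, 2_000, 1),      # below min_bytes
]

if __name__ == "__main__":
    for name, payload in SAMPLE_PAYLOADS.items():
        print(f"{name:7s} -> {classify_tunnel_payload(payload)}")
    for client, host, ratio in tunnel_ratio_flags(SAMPLE_TUNNELS):
        print(f"suspicious tunnel {client} -> {host}: up/down ratio {ratio}")
```

On the constructed data the payload check labels the SSH and plain-HTTP tunnels as non-TLS, and the ratio check flags the two long or upload-heavy tunnels to 203.0.113.7 while leaving the browsing-shaped one alone. In practice the two signals are complementary: the payload check misses anyone who wraps their tunnel in real TLS, and the ratio check needs enough bytes per tunnel and a threshold tuned against the site's normal browsing mix.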

Received on Wed May 23 2007 - 11:00:33 MDT
