Re: [squid-users] How Bad is CONNECT and Should I Prevent It?

From: Vadim Pushkin <wiskbroom@dont-contact.us>
Date: Tue, 19 Jun 2007 19:18:55 +0000

Many thanks Jakob and Kevin;

I am only looking to inspect each SSL connection for the purposes of
determining if the traffic should be allowed, i.e. non-malicious (not chat,
file-transfer, etc).

Can anyone recommend such a product? Also, I should mention, I am not
looking to spend a lot of money.

Are there any plans on the roadmap to do this sort of traffic analysis
within Squid?

Thanks all,

.vp

>On 6/19/07, Jakob Curdes <jc@info-systems.de> wrote:
>>Vadim Pushkin wrote:
>> > Has anyone on this list ever deployed a third-party tool to do what JC
>> > suggests? I.e. block or limit file-transfers, inspect https traffic
>> > so as to block/allow it based on what it is doing?
>
>Yes. There are many commercial products which will inherently do
>simple inspection on the HTTPS protocol to deny CONNECT if the client
>and server aren't at least pretending to talk SSL/TLS.
>
>Commercial products which actually do man in the middle (MITM) against
>the SSL so they can inspect the data exchange are more expensive.
>
>>Restrict access to listed sites yes, third party no. Somebody in another
>>reply seemed to have experience with a commercial app, I don't.
>
>I have experience with a couple of different commercial products.
>They work, but the privacy implications are frightening.
Received on Tue Jun 19 2007 - 13:19:03 MDT
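
The simple check described in the quoted reply (deny a CONNECT tunnel when the client is not at least pretending to talk SSL/TLS) can be sketched as below. This is an added example, not code from the thread, from Squid or from any commercial product; the function names and sample payloads are constructed for illustration, and SSLv2-format hellos are assumed out of scope.

```python
import struct

TLS_HANDSHAKE = 0x16      # TLS record content type: handshake
CLIENT_HELLO = 0x01       # handshake message type: ClientHello
MAX_RECORD_LEN = 2 ** 14  # upper bound on a plaintext TLS record


def classify_tunnel_start(data: bytes) -> str:
    """Classify the client's first tunnel bytes: 'tls', 'need-more' or 'not-tls'."""
    if len(data) < 6:
        # A wrong first byte already rules out a TLS handshake record.
        return "not-tls" if data and data[0] != TLS_HANDSHAKE else "need-more"
    ctype, major, minor, rec_len = struct.unpack("!BBBH", data[:5])
    if ctype != TLS_HANDSHAKE or major != 3 or minor > 4:
        return "not-tls"
    if not 4 <= rec_len <= MAX_RECORD_LEN or data[5] != CLIENT_HELLO:
        return "not-tls"
    if len(data) < 11:
        return "need-more"
    hs_len = int.from_bytes(data[6:9], "big")
    # Fixed leading part of the body: version (2) + random (32) + session id length (1).
    if hs_len < 35 or rec_len > hs_len + 4:
        return "not-tls"
    # client_version inside the hello must also be SSL 3.0 / TLS 1.x.
    return "tls" if data[9] == 3 and data[10] <= 4 else "not-tls"


def sample_client_hello() -> bytes:
    """Constructed minimal ClientHello (all-zero random, one cipher suite)."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    hs = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BBBH", TLS_HANDSHAKE, 3, 1, len(hs)) + hs


if __name__ == "__main__":
    # Constructed first payloads a client might send once the tunnel is open.
    samples = {
        "tls hello": sample_client_hello(),
        "ssh banner": b"SSH-2.0-example\r\n",
        "plain http": b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n",
        "partial hello": sample_client_hello()[:8],
    }
    for name, payload in samples.items():
        print(f"{name:14} -> {classify_tunnel_start(payload)}")
```

A "tls" verdict only shows that the tunnel opens like TLS; it says nothing about what is carried inside the encrypted session.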
