Marcus Kool wrote:
>
> Mar Matthias Darin wrote:
>> Hello,
>> Frank Bonnet writes:
>>> OK thanks a lot for your "lights", I think the easiest way
>>> for me would be protocol filtering done by the firewall ...
>>
>> This is also the most secure. I personally do not let squid handle
>> the CONNECT. IMHO, this is too easy to be abused. I use a pac file
>> that forces CONNECT to be direct access only.
>
> Hmmm. Can't say that I agree with this.
> Of course one needs a proper firewall configured to block most ports but
> Squid allows you to configure "CONNECT to port 443 only".
>
> And with "going direct" one has no control, no log file for examination,
> and no Squid features like bandwidth management or blocking with
> ufdbGuard.
>
Yeah ... I have to agree with Marcus and disagree completely with
Mar Matthias. But ... there are cases and cases. At least for me,
letting squid deal with CONNECTs proved completely efficient and quite
enough for my needs. My needs are usually corporate needs, in which P2P
is never wanted. I can easily block P2P with high efficiency in squid
with some simple ACLs. I have also tried some other p2p-blocking things,
like layer7 iptables modules and ipp2p, but I couldn't get 100% blocking
with them.
--
Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

gertrudes@solutti.com.br
My SPAMTRAP, do not email it
This archive was generated by hypermail pre-2.1.9 : Fri Feb 01 2008 - 12:00:05 MST
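
Added example, not part of the original thread or of Squid itself: a log review of the kind the thread says is lost when CONNECT goes direct, checking Squid's native access.log for CONNECT requests to ports other than 443. The sample log lines, addresses and function names are constructed for illustration, and the field positions assume the default native log format.

```python
"""Audit Squid native-format access.log lines for off-policy CONNECT requests."""
from collections import defaultdict

ALLOWED_CONNECT_PORTS = {443}  # the "CONNECT to port 443 only" policy from the thread

# Constructed sample lines in Squid's native access.log layout (not real traffic).
SAMPLE_LOG = """\
1201890000.123    512 192.0.2.10 TCP_MISS/200 4312 CONNECT mail.example.com:443 - DIRECT/198.51.100.5 -
1201890001.456  90211 192.0.2.11 TCP_MISS/200 883211 CONNECT 203.0.113.77:6881 - DIRECT/203.0.113.77 -
1201890002.789     12 192.0.2.11 TCP_DENIED/403 1420 CONNECT 203.0.113.78:4662 - NONE/- text/html
1201890003.000    230 192.0.2.12 TCP_MISS/200 10240 GET http://www.example.com/ - DIRECT/198.51.100.9 text/html
"""


def parse_connect(line):
    """Return (client, host, port, result) for a CONNECT entry, else None."""
    fields = line.split()
    # Native format: time elapsed client code/status bytes method URL ...
    if len(fields) < 7 or fields[5] != "CONNECT":
        return None
    # For CONNECT the URL field is "host:port"; rpartition also copes with
    # bracketed IPv6 literals such as "[2001:db8::1]:443".
    host, sep, port = fields[6].rpartition(":")
    if not sep or not port.isdigit():
        return None
    return fields[2], host, int(port), fields[3]


def audit(log_text, allowed=ALLOWED_CONNECT_PORTS):
    """Group off-policy CONNECT requests by client: tunnelled vs. denied."""
    report = defaultdict(lambda: {"tunnelled": [], "denied": []})
    for line in log_text.splitlines():
        entry = parse_connect(line)
        if entry is None:
            continue
        client, host, port, result = entry
        if port in allowed:
            continue
        # TCP_DENIED means an ACL refused the request; any other result code
        # means the proxy attempted the tunnel and the ACLs need a second look.
        bucket = "denied" if result.startswith("TCP_DENIED") else "tunnelled"
        report[client][bucket].append(f"{host}:{port}")
    return dict(report)


if __name__ == "__main__":
    for client, hits in sorted(audit(SAMPLE_LOG).items()):
        print(client, hits)
```

A non-empty "tunnelled" list means the proxy served a CONNECT to a port outside the policy; "denied" entries show which clients keep trying.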