Re: [squid-users] Controlling all HTTP traffic

From: Henrik K <hege_at_hege.li>
Date: Mon, 13 Oct 2008 08:56:54 +0300

On Mon, Oct 13, 2008 at 01:40:06AM +0300, Ali Hardogan wrote:
> >
> > Depending on your OS/firewall, you may have ability search packets for HTTP
> > traffic. But it is intensive, not foolproof and unnecessary kludge.
>
> Right. And I cannot be using Squid for that. Instead I need to rely on
> another instance of the blacklist enforced by the OS/firewall.

I was originally thinking that you might redirect such traffic, but yes it's
impossible since the TCP-session is already established when you see HTTP
content. So yes your only option is to drop traffic to bad places.

> Another approach could be to direct all port 80/3128/8080 TCP
> connections to Squid, and drop any packet that carries any HTTP
> payload through any other port. This approach relies on the assumption
> that the only HTTP traffic that uses one of those other ports is a
> proxy HTTP that is trying to "evade" the filter. How valid would this
> assumption be?

If your only option is to play hide-and-seek, then you must use such
methods. Filter all by default and only open on request.
Received on Mon Oct 13 2008 - 05:57:01 MDT

This archive was generated by hypermail 2.2.0 : Mon Oct 13 2008 - 12:00:02 MDT