> >> What is the best way to have full control over HTTP traffic that goes
> >> through a Squid-enabled firewall?
> >
> > Don't allow outside connections from clients, don't use transparent. Force
> > users to configure proxy in browser.
On 13.10.08 01:40, Ali Hardogan wrote:
> I cannot use non-transparent proxy as I cannot modify every client.
Modify everything you can, block the rest. If there's any problem, you will
see what you need to configrue/intercept.
Then, intercept the rest.
> I also shall not be filtering any other traffic but HTTP. Having
> intentional or accidental impact on any other traffic is not
> acceptable.
In such case, you need content inspecting firewall, that will be able to
disconnect all open connections if there's unwanted traffic on them.
> Under the aforementioned constraints, SSL traffic cannot be inspected
> for URL filtering. I can only block known IP addresses by the
> firewall. That's somewhat acceptable for me.
the intercepting firewall must know what to allow and what not.
Squid is only a HTTP proxy, you need something more to satisfy your needs...
-- Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. 10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved!Received on Mon Oct 13 2008 - 12:41:25 MDT
This archive was generated by hypermail 2.2.0 : Mon Oct 13 2008 - 12:00:02 MDT