
Re: [squid-users] Only permitting SSL traffic on CONNECT?

On 29.05 20:27, Florian Effenberger wrote:
> is it possible to only permit SSL traffic on CONNECT? When I have 
> CONNECT on 443 open, a user could theoretically open up its own server 
> listening on port 443 and tunnel through my proxy...

Yes. However, you would need a filter that would detect the used protocol.
I'm afraid it's currently impossible to push such a filter to squid w/o
patching and recompiling it.

Also, I'm not 100% sure that it's easy to detect ssl negotiation and refuse
connection if it's not used (note that TLS negotiation is in some cases
requested after initial handshake).

Last, when SSL is used, you can't even tell what protocol is inside of it.
-- 
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
LSD will make your ECS screen display 16.7 million colors
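
Added example, not part of the original post and not Squid code: a sketch of the check a protocol-detecting filter would run on the first client bytes of a CONNECT tunnel, deciding whether they form an SSLv3/TLS ClientHello record. The function name and the sample byte strings are constructed for illustration, and SSLv2-compatible hellos are assumed to be out of scope.

```python
import struct

TLS_HANDSHAKE = 0x16      # record-layer content type "handshake"
CLIENT_HELLO = 0x01       # handshake message type "client_hello"
MAX_PLAINTEXT = 2 ** 14   # largest plaintext record fragment


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a client sends through a CONNECT tunnel.

    Returns "tls-client-hello", "need-more-data" or "not-tls".
    """
    if len(data) < 6:
        # A short prefix can be rejected early if it already disagrees.
        if data[:1] and data[0] != TLS_HANDSHAKE:
            return "not-tls"
        return "need-more-data"
    # Record header: type (1), version major/minor (2), length (2).
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype != TLS_HANDSHAKE or major != 3 or minor > 4:
        return "not-tls"
    if length < 4 or length > MAX_PLAINTEXT:
        return "not-tls"
    # First byte of the fragment is the handshake message type.
    if data[5] != CLIENT_HELLO:
        return "not-tls"
    return "tls-client-hello"


# Constructed samples: start of a ClientHello, an SSH banner, and a
# plaintext protocol that would only upgrade to TLS later (STARTTLS).
SAMPLES = {
    "https": bytes.fromhex("16 03 01 00 2f 01 00 00 2b 03 03"),
    "ssh": b"SSH-2.0-OpenSSH_9.6\r\n",
    "starttls": b"EHLO client.example\r\n",
    "partial": b"\x16\x03",
}


def classify_samples() -> dict:
    return {name: classify_first_bytes(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:9s} {verdict}")
```

The "starttls" sample is the case the reply mentions: a session that negotiates TLS only after an initial plaintext exchange fails this check, and a session that passes it still reveals nothing about the protocol carried inside.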
