On 29.05 20:27, Florian Effenberger wrote: > is it possible to only permit SSL traffic on CONNECT? When I have > CONNECT on 443 open, a user could theoretically open up its own server > listening on port 443 and tunnel through my proxy... yes. However, you would need filter that would detect the used protocol. I'm afraid it's currently impossible to push such filter to squid w/o patching and recompiling it. Also, I'm not 100% sure that it's easy to detect ssl negotiation and refuse connection if it's not used (note that TLS negotiation is in some cases requested after initisl handshake) Last, when SSL is used, you even can't tell what protocol is inside of it. -- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. LSD will make your ECS screen display 16.7 million colors
