
Re: [squid-users] Only permitting SSL traffic on CONNECT?

On Sun, 29 May 2005, Florian Effenberger wrote:

is it possible to only permit SSL traffic on CONNECT? When I have CONNECT on 443 open, a user could theoretically open up their own server listening on port 443 and tunnel through my proxy...

Squid doesn't care today.

In theory you could look for SSL fingerprinting of the forwarded traffic, but you should realize that this will only make the determined users tunnel their stuff over SSL, and also risks false rejects especially considering future versions of SSL not known to your protocol fingerprinting.

A more viable option is to use IDS type technology to detect known forms of abuse, and take appropriate action on the users found to violate your policy. On the other hand, if you can not take noticeable actions when abuse is found then there isn't much to gain in raising the level, and it's better to use these tools to document that these things are going on, motivating a change in policy allowing actions to be taken.

Detecting things like SSH, POP3, SMB etc over the CONNECT method is relatively trivial at the packet level by an IDS. Also extending Squid to have the IDS hooks built in shouldn't be hard.

Regards
Henrik
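As an added example (not code from this thread or from Squid), this is the kind of first-bytes fingerprinting Henrik describes: it labels SSH, SMB, POP3 and other non-SSL protocols inside a CONNECT tunnel, alerts rather than rejects, and accepts any SSL 3.x/TLS record version so a version newer than the code does not cause a false reject. All sample payloads are constructed.

```python
"""Fingerprint the first client bytes of a CONNECT tunnel (added example,
not from the squid-users thread or Squid itself; SAMPLES are constructed).
Logs non-SSL protocols as Henrik suggests instead of rejecting them."""
import struct

def classify_tunnel_payload(data: bytes) -> str:
    """Return a protocol label for the first bytes the client sent."""
    if len(data) < 6:
        return "undetermined"          # too little data to fingerprint
    rec_type, major, _minor, _length = struct.unpack("!BBBH", data[:5])
    # TLS/SSLv3 record: handshake (0x16), version major 3, ClientHello (1).
    # Any 3.x minor is accepted so a TLS version newer than this code
    # does not cause a false reject (Henrik's caveat).
    if rec_type == 0x16 and major == 0x03 and data[5] == 0x01:
        return "tls-client-hello"
    # SSLv2 ClientHello: 2-byte length with high bit set, then type 1.
    if data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-client-hello"
    if data.startswith(b"SSH-"):
        return "ssh"
    # Direct-hosted SMB: 4-byte NetBIOS length, then SMB1/SMB2 magic.
    if len(data) >= 8 and data[4:8] in (b"\xffSMB", b"\xfeSMB"):
        return "smb"
    # Line-oriented plaintext protocols, judged by the client's first line.
    first_line = data.split(b"\r\n", 1)[0].upper()
    if first_line.startswith((b"USER ", b"CAPA", b"APOP ")):
        return "pop3"
    if first_line.startswith((b"EHLO ", b"HELO ")):
        return "smtp"
    if first_line.startswith((b"GET ", b"POST ", b"HEAD ")):
        return "http-plaintext"
    return "unknown"

# Never block on a fingerprint; only record tunnels carrying something
# other than SSL/TLS so the abuse can be documented and acted on.
ALLOWED = {"tls-client-hello", "sslv2-client-hello", "undetermined"}

def evaluate(data: bytes) -> tuple:
    label = classify_tunnel_payload(data)
    return label, ("allow" if label in ALLOWED else "alert")

SAMPLES = {  # constructed payloads, not captured traffic
    "tls12": bytes.fromhex("1603030005010000010303"),
    "tls_future": bytes.fromhex("1603090005010000010309"),  # unknown minor
    "ssh": b"SSH-2.0-OpenSSH_9.6\r\n",
    "smb2": b"\x00\x00\x00\x40\xfeSMB" + b"\x00" * 60,
    "pop3": b"USER alice\r\n",
    "http": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
}
```

Run `evaluate()` over each entry in `SAMPLES` to see the two TLS payloads pass and the rest produce an alert for follow-up.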
