Henrik Nordstrom wrote:
> Note: The suggested default rules restrict CONNECT to only two well
> known SSL ports for good reasons.
OK, but still this does not prevent the scenario of people connecting
via the proxy to an SSH server running on port 443.
Actually, if you look around a bit, it seems that half the school kids and
university students use similar setups to connect to their home PCs from
inside the institution.
To block this, a small inspector that checks whether the incoming proxy SSL
traffic is really SSL would be enough. I wonder if anybody has
written such a thing already?
Jakob Curdes
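
The kind of check asked about above, sketched as an added example that is not part of the original message and is not Squid code: it classifies the first bytes seen on a CONNECT tunnel as a TLS ClientHello, an SSH identification string, or something else. The function names and sample inputs are assumptions constructed for illustration; only record-framed SSLv3/TLS hellos are recognised, and only the opening message is examined.

```python
import struct

TLS_HANDSHAKE = 0x16       # record content type "handshake"
CLIENT_HELLO = 0x01        # handshake message type
MAX_PLAINTEXT = 16384      # largest plaintext TLS record (2**14)
MIN_HELLO_BODY = 41        # version, random, empty session id, 1 suite, 1 compression


def classify_tunnel_start(data: bytes) -> str:
    """Classify the first client bytes: 'tls', 'ssh', 'other' or 'incomplete'."""
    if not data:
        return "incomplete"
    # SSH peers open with an identification string such as "SSH-2.0-...".
    if b"SSH-".startswith(data[:4]):
        return "ssh" if len(data) >= 4 else "incomplete"
    if data[0] != TLS_HANDSHAKE:
        return "other"
    if len(data) < 11:
        return "incomplete"  # caller should keep buffering (with a timeout)
    _, major, minor, rec_len = struct.unpack("!BBBH", data[:5])
    hs_type = data[5]
    hs_len = int.from_bytes(data[6:9], "big")
    hello_major = data[9]
    looks_like_hello = (
        major == 3 and minor <= 4
        and 4 <= rec_len <= MAX_PLAINTEXT
        and hs_type == CLIENT_HELLO
        and hs_len >= MIN_HELLO_BODY
        and hello_major == 3
    )
    return "tls" if looks_like_hello else "other"


def sample_client_hello() -> bytes:
    """Constructed minimal ClientHello (zero random, one cipher suite)."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE, 3, 1]) + len(handshake).to_bytes(2, "big") + handshake


if __name__ == "__main__":
    # Constructed sample inputs, not captured traffic.
    for name, first in [("tls", sample_client_hello()),
                        ("ssh", b"SSH-2.0-OpenSSH_9.6\r\n"),
                        ("http", b"GET / HTTP/1.1\r\n")]:
        print(name, "->", classify_tunnel_start(first))
```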