Hi Emilio,
Many thanks for your reply.
When you say careful regards to security, do you mean that anyone who
knows the IP of a host will get through our content filter? We have
mainly set our squid up like this to stop people using Proxy
Tunneling software....
Jon
On 6 Jun 2006, at 09:27, Emilio Casbas wrote:
Jon Joyce wrote:
Hi all,
We currently have a Squid box set up to only allow secure https
traffic through a manually updated whitelist. So now, all clients
must provide the name and 443 port of our Proxy server before they
can access secure sites (i.e. Internet Banking, Hotmail etc.)
We now have the problem that Skype wants to use the outgoing
secure 443 port which is not allowed through our Proxy...
Is there anyway around this??
Skype will attempt to tunnel the traffic over port 443 using the
SSL protocol as you said,
In order to permit access to skype through squid, you would have to
know the "random" destination
IPs that skype use with the CONNECT method.
One possibility could be you can try permit numeric IPs with the
CONNECT method, but be careful regard to security.
acl N_IPS urlpath_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
acl connect method CONNECT
http_access allow connect N_IPS all
Thanks
Emilio C.
Anyone's help is much appretiated
Jon
