
Re: How Bad is CONNECT and Should I Prevent It?


On 6/19/07, Jakob Curdes <jc@xxxxxxxxxxxxxxx> wrote:
Vadim Pushkin wrote:
> Has anyone on this list ever deployed a third-party tool to do what JC
> suggests?  I.e. block or limit file-transfers, inspect https traffic
> so as to block/allow it based on what it is doing?

Yes.  There are many commercial products which will inherently do
simple inspection on the HTTPS protocol to deny CONNECT if the client
and server aren't at least pretending to talk SSL/TLS.

Commercial products which actually do man in the middle (MITM) against
the SSL so they can inspect the data exchange are more expensive.

Restrict access to listed sites yes, third party no. Somebody in another
reply seemed to have experience with a commercial app, I don't.

I have experience with a couple of different commercial products.
They work, but the privacy implications are frightening.
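
The simple inspection mentioned in the reply above (deny CONNECT unless the tunnel starts with something shaped like SSL/TLS), sketched as an added example that is not part of the original post and is not code from Squid or any commercial product. The function name `classify_tunnel_start` and the sample byte strings are hypothetical and constructed for illustration; only the SSLv3/TLS record format is checked, not the older SSLv2-style hello.

```python
import struct

TLS_HANDSHAKE = 0x16      # record content type: handshake
CLIENT_HELLO = 0x01       # handshake message type
MAX_RECORD_LEN = 16384    # 2^14, plaintext record size limit


def classify_tunnel_start(data: bytes) -> str:
    """Classify the first client bytes sent through a CONNECT tunnel.

    Returns "tls" if they are shaped like an SSLv3/TLS ClientHello,
    "need_more" if too few bytes have arrived to decide, else "not_tls".
    """
    # Reject as early as possible on each byte that is already present.
    if len(data) >= 1 and data[0] != TLS_HANDSHAKE:
        return "not_tls"
    if len(data) >= 2 and data[1] != 0x03:        # record major version 3
        return "not_tls"
    if len(data) < 6:                             # 5-byte header + msg type
        return "need_more"
    minor, rec_len = struct.unpack("!BH", data[2:5])
    if minor > 0x03 or not 0 < rec_len <= MAX_RECORD_LEN:
        return "not_tls"
    if data[5] != CLIENT_HELLO:                   # first message from client
        return "not_tls"
    return "tls"


# Constructed samples, not captured traffic.
SAMPLES = {
    "tls_client_hello": bytes.fromhex("16030100c8010000c40303"),
    "ssh_banner": b"SSH-2.0-OpenSSH_9.6\r\n",
    "plain_http": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "partial_header": bytes.fromhex("160301"),
}


def classify_all(samples=SAMPLES):
    """Run the check over every sample and return {name: verdict}."""
    return {name: classify_tunnel_start(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, verdict in classify_all().items():
        print(f"{name:18s} {verdict}")
```

A check like this only confirms that the tunnel opens with a handshake-shaped record; it says nothing about what is carried once the session is encrypted, which is where the MITM products mentioned above come in.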
