On 6/19/07, Jakob Curdes <jc@xxxxxxxxxxxxxxx> wrote:
Vadim Pushkin wrote:
> Has anyone on this list ever deployed a third-party tool to do what JC
> suggests? I.e. block or limit file-transfers, inspect https traffic
> so as to block/allow it based on what it is doing?
Yes. There are many commercial products which will inherently do simple inspection on the HTTPS protocol to deny CONNECT if the client and server aren't at least pretending to talk SSL/TLS. Commercial products which actually do man in the middle (MITM) against the SSL so they can inspect the data exchange are more expensive.
Restrict access to listed sites yes, third party no. Somebody in another reply seemed to have experience with a commercial app, I don't.
I have experience with a couple of different commercial products. They work, but the privacy implications are frightening.
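
The simple CONNECT check described in the reply above, as an added example that is not part of the original messages or of any product they mention: a proxy-side test of whether the first client bytes inside a tunnel look like an SSL/TLS ClientHello. The function name, return labels and sample byte strings are constructed for illustration.

```python
import struct

TLS_HANDSHAKE = 0x16     # record content type: handshake
CLIENT_HELLO = 0x01      # handshake message type
MAX_RECORD_LEN = 16384   # plaintext record size limit (2^14)


def classify_tunnel_start(data: bytes) -> str:
    """Classify the first client bytes seen inside a CONNECT tunnel.

    Returns "tls", "sslv2-hello", "need-more" or "not-tls".
    """
    if len(data) < 6:
        return "need-more"   # keep buffering before deciding

    # SSLv3/TLS record: type(1) version(2) length(2), then handshake type
    ctype, major, minor, rec_len = struct.unpack("!BBBH", data[:5])
    if ctype == TLS_HANDSHAKE:
        ok = (major == 3 and minor <= 4
              and 0 < rec_len <= MAX_RECORD_LEN
              and data[5] == CLIENT_HELLO)
        return "tls" if ok else "not-tls"

    # SSLv2-compatible ClientHello: 2-byte length with the high bit set,
    # message type 1, then the offered version (0.2 or 3.x)
    if data[0] & 0x80 and data[2] == CLIENT_HELLO:
        v2_len = ((data[0] & 0x7F) << 8) | data[1]
        version_ok = (data[3], data[4]) == (0, 2) or (data[3] == 3 and data[4] <= 4)
        if v2_len >= 9 and version_ok:
            return "sslv2-hello"
    return "not-tls"


# Constructed sample inputs (not captured traffic)
SAMPLES = {
    "TLS 1.0 ClientHello": bytes.fromhex("160301002f0100002b0301"),
    "SSLv2-compatible hello": bytes.fromhex("802e01030100150000000010"),
    "SSH banner": b"SSH-2.0-OpenSSH_4.6\r\n",
    "plain HTTP": b"GET / HTTP/1.1\r\n",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        # A proxy would tear down the tunnel on "not-tls"
        print(f"{name:24} -> {classify_tunnel_start(payload)}")
```

This only validates the handshake header, which is the "at least pretending" level of inspection; seeing inside the session requires the MITM approach the reply describes.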