On 19.06.07 19:18, Vadim Pushkin wrote:
> I am only looking to inspect each SSL connection for the purposes of
> determining if the traffic should be allowed, i.e. non-malicious (not chat,
> file-transfer, etc).

If anyone was able to see content under SSL protocol, this would mean that SSL protocol is unsafe and doesn't fulfill its main requirement that no one will see what's transferred in it, unless the proxy does MITM attack and client does not recognize that it's not really talking to the destination server (which can be checked by verifying SSL certificates).

There is probably one possibility to avoid this by the proxy generating SSL certificate for each destination server and signing it by authority that client trusts.

Oh. However, proxy server can do inspection of the data flowing via CONNECT, because CONNECT does NOT mean SSL. You can issue CONNECT and talk through using HTTP, FTP, NNTP, IRC, SSH protocol etc. So it is possible to inspect if client/server do not use this protocol and optionally deny it. However, when client immediately issues SSL negotiation, we cannot do anything with it.

> Can anyone recommend such a product? Also, I should mention, I am not
> looking to spend a lot of money.

I'm afraid that such content inspectors won't be very cheap.

> Are there any plans on the roadmap to do this sort of traffic analysis
> within Squid?

You still may submit a wishlist bug report, but I guess that inspection should be done outside of squid, maybe by some CONNECT helper or what...

-- 
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
I intend to live forever - so far so good.
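The distinction drawn in the reply above (a CONNECT tunnel may carry a TLS handshake, which the proxy cannot read, or any plaintext protocol, which it can) is exactly what a CONNECT helper would have to decide on from the first bytes the client sends into the tunnel. The following Python is an added example written for this page; it is not code from the thread or from Squid, and the function names, the allowed-protocol set and the constructed sample byte strings are assumptions.

```python
# Added example (not from the squid-users thread or from Squid): classify the
# first bytes a client writes into an HTTP CONNECT tunnel so that a proxy-side
# helper can allow TLS and ordinary HTTP while denying other plaintext
# protocols (SSH, IRC, ...) that a policy says should not ride over CONNECT.

TLS_RECORD_HANDSHAKE = 0x16   # TLS record content type: handshake
TLS_CLIENT_HELLO = 0x01       # handshake message type: ClientHello


def classify_tunnel_prefix(data: bytes) -> str:
    """Return a protocol label for the first bytes sent into a CONNECT tunnel.

    Labels: 'tls', 'ssh', 'http', 'irc' or 'unknown'. Only the record/handshake
    header is inspected; a TLS ClientHello is recognisable, but everything after
    the handshake is opaque to the proxy, which is the point made in the thread.
    """
    # TLS / SSLv3 record: type 0x16, version 0x03 0x00..0x04, then a handshake
    # header whose first byte is the message type (0x01 = ClientHello).
    if (len(data) >= 6 and data[0] == TLS_RECORD_HANDSHAKE
            and data[1] == 0x03 and data[2] <= 0x04
            and data[5] == TLS_CLIENT_HELLO):
        return "tls"
    # SSLv2-compatible ClientHello (still common in 2007): a 2-byte length with
    # the high bit set, followed by message type 0x01.
    if len(data) >= 3 and (data[0] & 0x80) and data[2] == TLS_CLIENT_HELLO:
        return "tls"
    if data.startswith(b"SSH-"):
        return "ssh"
    for method in (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS ", b"DELETE "):
        if data.startswith(method):
            return "http"
    # An IRC client's registration starts with NICK or PASS; USER alone is
    # ambiguous with FTP, so it is not used as evidence here.
    if data.startswith(b"NICK ") or data.startswith(b"PASS "):
        return "irc"
    return "unknown"


# Policy assumed for this example: TLS and plain HTTP may use CONNECT,
# anything else is refused. A real deployment would load this from config.
DEFAULT_ALLOWED = frozenset({"tls", "http"})


def tunnel_policy(data: bytes, allowed=DEFAULT_ALLOWED) -> str:
    """Return 'allow' or 'deny' for the tunnel whose first bytes are `data`."""
    return "allow" if classify_tunnel_prefix(data) in allowed else "deny"


if __name__ == "__main__":
    # Constructed sample prefixes (not captured traffic).
    samples = {
        "tls client hello": b"\x16\x03\x01\x00\x2a\x01\x00\x00\x26\x03\x01",
        "sslv2 client hello": b"\x80\x2e\x01\x00\x02",
        "ssh banner": b"SSH-2.0-OpenSSH_4.7\r\n",
        "http request": b"GET / HTTP/1.1\r\nHost: example.invalid\r\n\r\n",
        "irc registration": b"NICK someone\r\n",
    }
    for name, prefix in samples.items():
        print(f"{name:20s} -> {classify_tunnel_prefix(prefix):8s} {tunnel_policy(prefix)}")
```

The helper only ever sees the handshake header of a TLS session, so it can tell that a tunnel is TLS and to which server the client connected, but not what is carried inside; deciding anything finer than "is this TLS or a plaintext protocol" would require the certificate-substituting MITM the reply describes.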